Shellshock (software bug)
Shellshock is a security bug in the Unix Bash shell. It was disclosed on 24 September 2014. The Bash shell is widely used on many Unix-like systems, including Linux-based systems (such as Red Hat Enterprise Linux, Fedora, CentOS, Debian, and Ubuntu), *BSDs (such as FreeBSD and NetBSD), Apple Mac OS X, and Cygwin (which runs on Windows). Thus, there were many systems that were potentially exploitable.
Shells are widely used on these systems to process commands, so there were many ways to potentially exploit Shellshock.
History:
Stéphane Chazelas contacted Bash's maintainer, Chet Ramey, on 12 September 2014 to report his discovery of the original bug, which he called "Bashdoor". Working together with security experts, he soon had a patch as well. The bug was assigned the CVE identifier CVE-2014-6271. It was announced to the public on 24 September 2014, when Bash updates with the fix were ready for distribution.
Within days of the publication, intense scrutiny of the underlying design flaws uncovered a variety of related vulnerabilities (CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, and CVE-2014-7187), which Ramey addressed with a series of further patches.
[Figure: Shellshock logo]
How it works:
Bash supports exporting not just shell variables but also shell functions to another Bash instance, via the process environment, to (indirect) child processes. Bash versions of the time used an environment variable named after the function, with a value beginning with "() {", to propagate the function definition through the environment. The vulnerability occurs because Bash does not stop after processing the function definition; it continues to parse and execute any shell commands that follow the function definition in the variable value.
Ex: UNIX bash shell variables
In a Unix or Linux terminal, run the following commands to see how shell variables behave.
Step by step process:
As-Mac-mini-5:~ A$ echo "hello"
hello
As-Mac-mini-5:~ A$ myvar="hello"
As-Mac-mini-5:~ A$ echo $myvar
hello
As-Mac-mini-5:~ A$ bash
bash-3.2$ echo $myvar

bash-3.2$
'echo' is the Unix command that prints its argument as given, such as hello in the example above.
myvar is a user-defined variable that is assigned the value 'hello'.
We can print the variable's value by using echo together with the variable.
To try to access 'myvar' in a child process, start a new shell with the bash command.
Nothing is printed, because 'myvar' is not an environment variable and so is not passed on to the child process.
To make it visible there, we have to turn 'myvar' into an environment variable.
Environment variables:
When you start a new shell session, some variables are already available for your use. These are called environment variables.
As-Mac-mini-5:~ A$ export myvar="hello"
As-Mac-mini-5:~ A$ echo $myvar
hello
As-Mac-mini-5:~ A$ bash
bash-3.2$ echo $myvar
hello
bash-3.2$
'export' converts the local variable into an environment variable.
Observe that myvar is now accessible in the child process (after the bash command in the session).
Exporting bash functions to environment variables:
As-Mac-mini-5:~ A$ export newfunction='() { echo hello; }; echo damn! I am vulnerable'
As-Mac-mini-5:~ A$ bash
damn! I am vulnerable
bash-3.2$ newfunction
hello
bash-3.2$
Note that the text after the function body ran as soon as the child bash started, before any command was typed. If arbitrary commands are placed where 'echo "damn! I am vulnerable"' stands, they run with the privileges of whatever process imported that environment, and the corresponding system is compromised.
Exploitation vectors:
CGI-based web server: When a web server uses the Common Gateway Interface (CGI) to handle a document request, it passes various details of the request (including its headers) to the handler program in the environment variable list. If the request handler is a Bash script, or invokes Bash, Bash receives the environment variables passed by the server and processes them. This gives an attacker a means to trigger the Shellshock vulnerability with a specially crafted request.
OpenSSH server: OpenSSH has a "ForceCommand" feature, where a fixed command is executed when the user logs in, instead of an unrestricted command shell. The command the client asked for is still handed to that fixed command through the environment, so if the account's shell is a vulnerable Bash, the restriction can be bypassed by an authenticated user.
DHCP clients: Some DHCP clients also pass values received from the DHCP server to Bash; a vulnerable system could be attacked when connecting to an open Wi-Fi network.
Qmail server: When Bash is used to process email messages (e.g. through .forward or qmail-alias piping), the qmail mail server passes external input through in a way that can exploit a vulnerable version of Bash.
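A defender-side companion to the CGI vector above, added here as an example and not part of the original article: a POSIX shell scanner that flags access-log lines whose header fields carry the "() {" function-definition marker that a Shellshock attempt against a CGI handler has to include. The log lines and IP addresses are constructed samples, and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the original article: detect Shellshock attempts
# against CGI handlers in web-server access logs. A CGI exploitation request
# has to carry a value beginning with "() {" in some header that the server
# copies into the environment (User-Agent, Referer, Cookie, ...), so that
# marker is the signature to look for in the logged header fields.

# Constructed sample log in Apache combined format (IPs are from the
# documentation ranges; the payloads are the article's harmless probe).
SAMPLE_LOG='203.0.113.5 - - [25/Sep/2014:10:12:01 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :;}; echo vulnerable"
198.51.100.7 - - [25/Sep/2014:10:12:05 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
203.0.113.5 - - [25/Sep/2014:10:12:09 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 500 0 "() { ignored;}; echo vulnerable" "curl/7.37.0"
192.0.2.9 - - [25/Sep/2014:10:13:00 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0 (X11; Linux)"
198.51.100.7 - - [25/Sep/2014:10:14:30 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :; }; echo vulnerable"'

# Print the log lines that carry the marker. Bash itself only imports a value
# that starts with exactly "() {", but the pattern accepts any amount of
# whitespace between "()" and "{" so slightly mangled probes are not missed;
# the literal "()" keeps ordinary user-agent strings from matching.
shellshock_hits() {
    printf '%s\n' "$1" | grep -E '\(\)[[:space:]]+\{'
}

# Number of matching lines, printed as a bare integer ("0" when none).
shellshock_hit_count() {
    shellshock_hits "$1" | wc -l | tr -d ' '
}

# Distinct source addresses of the matching requests, one per line, sorted.
shellshock_sources() {
    shellshock_hits "$1" | awk '{ print $1 }' | sort -u
}

# Stand-alone run: summarise the constructed sample.
echo "hits: $(shellshock_hit_count "$SAMPLE_LOG")"
echo "sources:"
shellshock_sources "$SAMPLE_LOG"
```

On a real log, feed the file contents in place of SAMPLE_LOG (for example `shellshock_sources "$(cat access.log)"`) and treat each source as a host that probed the server, whether or not the handler was vulnerable.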
How it is worse than Heartbleed:
Shellshock drew comparisons to the Heartbleed bug that was discovered in a crucial piece of software the previous spring. But Shellshock could be a bigger threat. While Heartbleed could be used to do things like steal passwords from a server, Shellshock can be used to take over the entire machine. Heartbleed went unnoticed for 2 years and affected an estimated 500,000 machines; Shellshock went undiscovered for 22 years, and there is no known limit on the number of machines it affected. The NVD (National Vulnerability Database) rated Shellshock's severity 10 out of 10.
That a flawed piece of code could go unnoticed for more than two decades may be surprising to many.
How to test our systems:
To test whether your system is vulnerable, run this in bash:
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
If you're vulnerable it will print:
vulnerable
this is a test
If you've updated Bash you'll only see:
this is a test
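The one-line test above, wrapped as an added example (not part of the original article) into a POSIX shell function that a fleet-check script can call and branch on; the function name shellshock_check and its default of the bash found on PATH are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original article: the article's one-line probe
# wrapped in a function so a script can check a given bash binary and act on
# the result. Assumptions: the function name is this example's own and the
# target defaults to whichever "bash" is first on PATH.
#
# How the probe works: the environment variable x carries a function
# definition "() { :;}" followed by a trailing command. A vulnerable bash
# executes that trailing command while importing its environment, so the
# word "vulnerable" appears before the -c command's own output; a patched
# bash ignores the trailing text and prints only the -c output.

shellshock_check() {
    target=${1:-bash}
    if ! command -v "$target" >/dev/null 2>&1; then
        echo "not-found"
        return 2
    fi
    # stderr is discarded so diagnostics from the target cannot be mistaken
    # for the marker word.
    out=$(env x='() { :;}; echo vulnerable' "$target" -c 'echo probe' 2>/dev/null)
    case $out in
        *vulnerable*) echo "vulnerable";     return 1 ;;
        *probe*)      echo "not-vulnerable"; return 0 ;;
        *)            echo "unknown";        return 3 ;;
    esac
}

# Stand-alone run: report on the bash given as the first argument, or the
# one found on PATH, and expose the exit status for calling scripts.
if shellshock_check "${1:-bash}"; then
    echo "status: ok"
else
    echo "status: exit $?"
fi
```

Exit status 0 means patched, 1 vulnerable, 2 binary not found and 3 an unexpected result, so the function can drive an inventory script over every bash on a host (for example /bin/bash and any locally built copies) rather than only the one on PATH.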
Protect:
Upgrade to the latest versions of Bash.
