LetsDefend Challenge: Shellshock Attack
What is a Shellshock attack?
Shellshock is a family of security bugs in the Unix Bash shell. It was first disclosed on September 24, 2014, and could enable an attacker to cause Bash to execute arbitrary commands and gain unauthorized access to many Internet-facing services, such as web servers, that use Bash to process requests.
Solving the challenge
We need a program to open PCAP files. I’ll be using Wireshark again.
Q1: What is the server operating system?
At a quick glance we can see HTTP responses with the status “500 Internal Server Error”. These will likely contain some clues about the server's OS.
Checking the decoded text, we can see:
Answer: Ubuntu
Q2: What is the application server and version running on the target system?
This is visible in the same decoded text used for the previous question.
Answer: Apache/2.2.22
Q3: What is the exact command that the attacker wants to run on the target server?
I quickly checked these packets due to the obvious name “/exploitable.cgi”.
Inside the packets we can see this decoded text.
Answer: /bin/ping -c1 10.246.50.2
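The manual check behind Q3 can be scripted for triage. The following is an added example, not part of the original writeup: it scans the headers of a raw HTTP request for the Bash function-definition signature `() {` and reports the command trailing it. The sample requests are constructed; the carrying header (`User-Agent`), the `() { :;};` layout and the host name `target.example` are assumptions, since the writeup does not show the decoded packet.

```python
import re

# Bash treats an environment value starting with "() {" as a function
# definition; vulnerable versions also ran whatever followed the closing "}".
SIGNATURE = re.compile(r"\(\s*\)\s*\{")
TRAILING = re.compile(r"\(\s*\)\s*\{.*?\}\s*;\s*(.*)", re.DOTALL)

def parse_request(raw):
    """Split a raw HTTP request into (method, path, [(header, value), ...])."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    method = parts[0]
    path = parts[1] if len(parts) > 1 else ""
    headers = []
    for line in lines[1:]:
        # Split on the first colon only: the payload itself contains colons.
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip(), value.strip()))
    return method, path, headers

def find_shellshock(raw):
    """Return one finding per header whose value carries the signature."""
    _method, path, headers = parse_request(raw)
    findings = []
    for name, value in headers:
        if SIGNATURE.search(value):
            m = TRAILING.search(value)
            # Empty command: signature present but nothing after the body.
            command = m.group(1).strip() if m else ""
            findings.append({"path": path, "header": name, "command": command})
    return findings

# Constructed samples (header choice and payload layout are assumptions).
SUSPICIOUS = ("GET /exploitable.cgi HTTP/1.1\r\n"
              "Host: target.example\r\n"
              "User-Agent: () { :;}; /bin/ping -c1 10.246.50.2\r\n"
              "Accept: */*\r\n\r\n")
BENIGN = ("GET /index.html HTTP/1.1\r\n"
          "Host: target.example\r\n"
          "User-Agent: Mozilla/5.0 (X11; Linux x86_64)\r\n\r\n")

if __name__ == "__main__":
    for sample in (SUSPICIOUS, BENIGN):
        print(find_shellshock(sample))
```

The same pattern can be applied to request lines in web server access logs, provided the log format records the headers being inspected.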