![]() + Server leaks inodes via ETags, header found with file /, inode: 7866, size: 1704, mtime: Thu Sep 25 11:56:50 2014 I know that this machines sole purpose is exploiting shellshock, but I still run nikto. ![]() Nmap done: 1 IP address (1 host up) scanned in 12.60 seconds Bash is not usually available through a web application but can be indirectly exposed through a Common Gateway Interface “CGI”. This vulnerability impacts the Bourne Again Shell “Bash”. The course description details the exploitation of the vulnerability CVE-2014-6271. After the first found vulnerability there were more vulnerabilities found and most known versions were patched.įor educational purposes I’m going to examine a virtual lab from. The nature of Shellshock was that with the vulnerable versions of bash (Unix Bourne-again shell), it was possible to inject code into bash and let it execute arbitrary commands. On 24 September 2014 a vulnerability was published under the name “ CVE-2014-6271” aka “ Shellshock“.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |