In issue 9 of Linux Voice, we take a look at the Shellshock vulnerability, and how to exploit it. We’ve created a virtual machine to help you learn more about how it works. You can download it from this torrent. This will fetch an OVA file that you can import into VirtualBox. It contains a server that’s vulnerable to Shellshock. If you haven’t already, you’ll need to set up a host-only network to be able to access it (go to File > Preferences > Network > Host-only Network, and if there’s not an entry in the list, click the ‘+’ icon to add one). Then you should have access to the server running on the virtual machine.

The page on the virtual machine (you may need to change the IP address) is shellshockable.

You can attack it using wget from the host machine like this:

wget --referer ‘() { :; }; code-to-run’

Just replace code-to-run with the code you want to run on the vulnerable server. For full details of how this attack works, and how to use it to gain a remote shell, see the article in Linux Voice Issue 9.

One Comment

Leave a Reply to Daz Hale Cancel reply

Your email address will not be published. Required fields are marked *