Metasploit Shellshock
Hey guys have you heard of shellshock vulnerability.Every so often, a MAJOR vulnerability appears that makes millions of systems vulnerable to attack. The most recent, named Shellshock, basically leaves every Mac OS X, Linux, and UNIX system on the planet vulnerable. As nearly two-thirds of all web servers on planet Earth run one of these operating systems (primarily Linux), that’s a whole lot of systems out there waiting to be harvested. This vulnerability is one of the most serious in recent memory. Basically, it leaves nearly every form of Linux, Unix, and Mac OS X vulnerable to “remote code execution.” This mean that the hacker can run their own code remotely and do whatever they want on the system, basically owning it.
Audio 50 aps w212 updated 2018. Recently, our friends at Rapid7, the developers of Metasploit, released a quick and dirty module that exploits one of the first discovered Shellshock vulnerabilities, namely the exploitation of the BASH shell to send CGI scripts to an Apache server.
Shellshock will be with us for quite a while, despite efforts to patch systems, as we are only beginning to understand the extent of this vulnerability. Every time a new patch is released, it almost immediately becomes obsolete as new vulnerabilities are being discovered daily. The first proof of concept involved running a CGI script on the vulnerable system, but that is only scratching the surface of what can be done with this vulnerability. Many network and security admins are now sitting around pretty smug that they have patched their system and they are now safe.
That is far from the truth! This vulnerability is linked to the BASH shell and any system calls it makes. That list is extremely long! Probably thousands of utilities and applications use BASH for system calls. Furthermore, nearly all the embedded systems, from security systems to automobiles to automated lighting systems use some form of Linux with a BASH shell. ALL are vulnerable to this hack. Of course, the whole industry of IT security administrators are now scrambling to close this hole.
Years of experience have taught me that many won’t and many more will think they closed it and haven’t (there is a fair amount of incompetence among IT security folks, as in other professions). In the meantime, millions are millions of machines are out there, just waiting for your best efforts. Recently, our friends at Rapid7, the developers of Metasploit, released a quick and dirty module that exploits one of the first discovered Shellshock vulnerabilities, namely the exploitation of the BASH shell to send CGI scripts to an Apache server.
In addition, they also developed a module that enables us to exploit Shellshock using the DHCP service. Let’s use that one to attack a Linux system and see how it works. Step 1: Start Metasploit Let’s begin, of course, by firing up Kali Linux and starting Metasploit.