Hey Eli. http://www.tripwire.com/state-of-security/off-topic/shell-shocked-bash-bug-detection-tools-cve-2014-6271/
http://shellshocktest.com/ https://github.com/mubix/shellshocker-pocs enjoy your PT with all those tools. On Sat, Sep 27, 2014 at 11:37 AM, boazg <boaz.ge...@gmail.com> wrote: > try it with DHCP instead > > https://www.trustedsec.com/september-2014/shellshock-dhcp-rce-proof-concept/ > > On Sat, Sep 27, 2014 at 11:36 AM, boazg <boaz.ge...@gmail.com> wrote: > >> you need to find a vulnerable site. CGI doesn't have to pass through >> bash. you need a site that opens a subshell for something. they aren't >> uncommon, but it's not every linux-CGI site. >> >> On Fri, Sep 26, 2014 at 2:33 PM, Eli Billauer <e...@billauer.co.il> wrote: >> >>> Hi, >>> >>> I did >>> >>> # yum upgrade bash >>> >>> on Haifux' server, and it's off the hook. But I was also surprised that >>> it the attack failed even before that. >>> >>> Eli >>> >>> >>> On 26/09/14 12:39, guy keren wrote: >>> >>>> On 09/26/2014 12:30 PM, Eli Billauer wrote: >>>> >>>>> env x='() { :;}; echo vulnerable' bash -c 'echo This is a test' >>>>> >>>> >>>> you're too late - there's a (partial?) fix being distributed around... >>>> >>>> --guy >>>> _______________________________________________ >>>> Haifux mailing list >>>> Haifux@haifux.org >>>> http://haifux.org/mailman/listinfo/haifux >>>> >>>> >>> >>> -- >>> Web: http://www.billauer.co.il >>> >>> >>> _______________________________________________ >>> Haifux mailing list >>> Haifux@haifux.org >>> http://haifux.org/mailman/listinfo/haifux >>> >> >> > > _______________________________________________ > Haifux mailing list > Haifux@haifux.org > http://haifux.org/mailman/listinfo/haifux > > -- בברכה גיא אדרי משרד : 227799 - 048 נייד : 2121313 - 054
_______________________________________________ Haifux mailing list Haifux@haifux.org http://haifux.org/mailman/listinfo/haifux