Lab: Shellshock Background and Setup
Lab: Shellshock Background and Setup
The goal of this step is to setup for the lab.
Step1: Setup
- Install the virtual machine SeedUbuntu16.ova.
- We are using an older version of this lab.
- This image has vulnerabilities that we will be exploring.
- Do not use this image for anything other than cybersecurity practice.
- Log in as
seed, password dees.
- In the image I have, this is not required.
Step2: Background
- The bash program had a programming error which leads to an exploit.
- This was discovered in 2014.
- It was classified as CVE-2014-2671.
- Within hours after the exposure, attacks began.
- Millions of related attacks have been recorded.
- When a function in bash was declared, and a new shell was executed, the creator of the function could force extra code to be executed.
- We will explore the vulnerability in this lab.