Lab: Shellshock Background and Setup

The goal of this step is to setup for the lab.

The bash program had a programming error which leads to an exploit.
- This was discovered in 2014.
- It was classified as CVE-2014-2671.
- Within hours after the exposure, attacks began.
- Millions of related attacks have been recorded.
When a function in bash was declared, and a new shell was executed, the creator of the function could force extra code to be executed.
We will explore the vulnerability in this lab.