Shellshock attack write-up: Letsdefend challenge.
What is Shellshock?
A 30 year old vulnerability in the Bash command-line interface shell called “Shellshock” was identified as a serious threat in 2014. Shellshock is still a threat to corporate world.
Shellshock is a critical vulnerability due to the escalated privileges afforded to attackers, which allow them to compromise systems at will. Although the ShellShock vulnerability, CVE-2014–6271, was discovered in 2014, it is known to still exist on a large number of servers in the world. The vulnerability was updated (CVE-2014–7169) soon after and has been modified up until 2018.
Introduction
So I decided to attempt to tackle a challenge on the Letsdefend platform today, which required you to discover more about the shellshock attack.
Instructions and challenge material
You must to find details of shellshock attacks
Log file: https://api.letsdefend.io/download/downloadfile/shellshock.zip Pass: 321
Note: pcap file found public resources.
The challenge consist of three questions
Challenge Questions
- What is the server operating system?
Solution
Use your preferred tools to examine the PCAP file that you downloaded; for my analysis, I used wireshark. I checked at the HTTP request on the PCAP file to determine the operating system name because these requests typically contain OS information fields in their headers. Please see the image below for packet number 15.
2. What is the application server and version running on the target system?
Solution
Check the image in question 1 to find the application server and version running on the target system; this information is found in the HTTP headers.
3. What is the exact command that the attacker wants to run on the target server?
Check the HTTP headers under user-agent to see the command that the attacker performed in order to determine it. A user agent is any software that retrieves and presents Web content for end users or is implemented using Web technologies. User agents include Web browsers, media players, and plug-ins that help in retrieving, rendering and interacting with Web content.Please see the image below.
Thank you for reading my article.