No description, website, or topics provided.
ApacheConf Shell HTML
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.

Fosscomm - Shellshock Labs

This repo was created for the people who attended my workshop about Shellshock at FOSSCOMM and want to see what files and configutations I used in order to create the Laboratories. The files you will see in this repo include the bind (DNS) configuration for "" ( make sure you change the A records at /etc/bind/, the Apache configuration files for With this settings on your Apache you are also able to execute CGI files.

Finally you can also find the ssh configuration which allows only Public Key Authentication. Note that the user set at authorized_keys has username "fosscomm". Adjust it to your needs.

Here is how you can download your vulnerable bash:

mkdir src && cd src


tar zxvf bash-3.1.tar.gz

cd bash-3.1

./configure && make

sudo make install

sudo mv /bin/bash /bin/bash.old

sudo ln -s /usr/local/bin/bash /bin/bash

#Test your Bash Version for shellshock

env x='() { :; }; echo Normally I should not be able to see this' bash -c :

Slides from FOSSCOMM

Slides from FOSSCOMM Workshop