This repo was created for the people who attended my workshop about Shellshock at FOSSCOMM and want to see what files and configutations I used in order to create the Laboratories. The files you will see in this repo include the bind (DNS) configuration for "www.shellshock.site" ( make sure you change the A records at /etc/bind/db.shellshock.site), the Apache configuration files for shellshock.site. With this settings on your Apache you are also able to execute CGI files.
Finally you can also find the ssh configuration which allows only Public Key Authentication. Note that the user set at authorized_keys has username "fosscomm". Adjust it to your needs.
Here is how you can download your vulnerable bash:
mkdir src && cd src
wget http://ftp.gnu.org/gnu/bash/bash-3.1.tar.gz
tar zxvf bash-3.1.tar.gz
cd bash-3.1
./configure && make
sudo make install
sudo mv /bin/bash /bin/bash.old
sudo ln -s /usr/local/bin/bash /bin/bash
#Test your Bash Version for shellshock
env x='() { :; }; echo Normally I should not be able to see this' bash -c :