312-50V10 · Question #906
What is the Shellshock bash vulnerability attempting to do on a vulnerable Linux host? env x='(){ :;};echo exploit' bash 璫 `cat/etc/passwd'
The correct answer is D. Display passwd content to prompt. The Shellshock exploit appends an arbitrary command after a malformed bash function definition in an environment variable, causing bash to execute it - here displaying the /etc/passwd file contents.
Question
What is the Shellshock bash vulnerability attempting to do on a vulnerable Linux host? env x='(){ :;};echo exploit' bash 璫 `cat/etc/passwd'
Options
- ARemoves the passwd file
- BChanges all passwords in passwd
- CAdd new user to the passwd file
- DDisplay passwd content to prompt
How the community answered
(37 responses)- A11% (4)
- B3% (1)
- C5% (2)
- D81% (30)
Why each option
The Shellshock exploit appends an arbitrary command after a malformed bash function definition in an environment variable, causing bash to execute it - here displaying the /etc/passwd file contents.
The command uses 'cat' to read the file, not 'rm' or any deletion command, so the passwd file is not removed.
The command only reads and outputs the passwd file contents; no 'passwd', 'chpasswd', or similar password-modification command is present.
No user-creation command such as 'useradd' or an append operation using '>>' is included, so no new user is added to the passwd file.
The Shellshock vulnerability (CVE-2014-6271) causes bash to execute commands appended after a crafted function definition when processing environment variables. The trailing 'cat /etc/passwd' command reads and prints the file to standard output, disclosing usernames and account metadata without modifying or deleting anything. This technique was commonly used in initial reconnaissance after exploiting Shellshock on web servers running CGI scripts.
Concept tested: Shellshock bash vulnerability arbitrary code execution
Source: https://nvd.nist.gov/vuln/detail/CVE-2014-6271
Topics
Community Discussion
No community discussion yet for this question.