312-50V9 · Question #193
What is the Shellshock bash vulnerability attempting to do on an vulnerable Linux host? env x=(){ :;};echo exploit bash -c 'cat /etc/passwd'
The correct answer is A. Display passwd content to prompt. To extract private information, attackers are using a couple of techniques. The simplest extraction attacks are in the form: () {:;}; /bin/cat /etc/passwd That reads the password file /etc/passwd, and adds it to the response from the web server. So an attacker injecting this code
Question
What is the Shellshock bash vulnerability attempting to do on an vulnerable Linux host? env x=(){ :;};echo exploit bash -c 'cat /etc/passwd'
Options
- ADisplay passwd content to prompt
- BRemoves the passwd file
- CChanges all passwords in passwd
- DAdd new user to the passwd file
How the community answered
(17 responses)- A82% (14)
- B12% (2)
- C6% (1)
Explanation
To extract private information, attackers are using a couple of techniques. The simplest extraction attacks are in the form: () {:;}; /bin/cat /etc/passwd That reads the password file /etc/passwd, and adds it to the response from the web server. So an attacker injecting this code through the Shellshock vulnerability would see the password file dumped out onto their screen as part of the web page returned. https://blog.cloudflare.com/inside-shellshock/
Topics
Community Discussion
No community discussion yet for this question.