nerdexam
EC-Council

312-50V9 · Question #193

What is the Shellshock bash vulnerability attempting to do on an vulnerable Linux host? env x=(){ :;};echo exploit bash -c 'cat /etc/passwd'

The correct answer is A. Display passwd content to prompt. To extract private information, attackers are using a couple of techniques. The simplest extraction attacks are in the form: () {:;}; /bin/cat /etc/passwd That reads the password file /etc/passwd, and adds it to the response from the web server. So an attacker injecting this code

System Hacking

Question

What is the Shellshock bash vulnerability attempting to do on an vulnerable Linux host? env x=(){ :;};echo exploit bash -c 'cat /etc/passwd'

Options

  • ADisplay passwd content to prompt
  • BRemoves the passwd file
  • CChanges all passwords in passwd
  • DAdd new user to the passwd file

How the community answered

(17 responses)
  • A
    82% (14)
  • B
    12% (2)
  • C
    6% (1)

Explanation

To extract private information, attackers are using a couple of techniques. The simplest extraction attacks are in the form: () {:;}; /bin/cat /etc/passwd That reads the password file /etc/passwd, and adds it to the response from the web server. So an attacker injecting this code through the Shellshock vulnerability would see the password file dumped out onto their screen as part of the web page returned. https://blog.cloudflare.com/inside-shellshock/

Topics

#Shellshock#bash vulnerability#command injection#/etc/passwd

Community Discussion

No community discussion yet for this question.

Full 312-50V9 Practice