What is Shellshock and how to hack a Unix based system using this vulnerability?
A Bash shell is a common component of Linux, Unix and Mac OS X based operating systems that allows users and applications to execute commands on the system. This vulnerability allows a malicious user to inject code that is executed each time Bash is started. This can result in system compromise, unauthorized data disclosure and website defacement, amongst other types of attacks.
What is Bash and how does Shellshock work within it?
Shellshock is what is commonly termed a Remote Code Execution (RCE) vulnerability within Bash. Just as Windows has the Command Prompt, Linux and UNIX have the command shell known as Bash. It helps the user run other programs on the system, and Bash stands for "Bourne Again Shell". Using the Shellshock vulnerability, an attacker can affect machines using a technique known as command injection. Via this method, he can run a program through Bash without informing the user and without logging on to the computer himself. Since Bash runs several programs in the background, all the attacker needs to do is ensure that his malicious text is not spotted. In this scenario, harmless-looking data contains malicious code that gets executed.
Who is affected by this?
Users of the BASH (Bourne-Again SHell) software, which is present on most Linux, Unix and Unix-like systems (e.g. Mac OS X) and Cisco IOS. This also includes network devices running a *nix OS.
What is the solution for Shellshock?
Attackers can easily mask the commands and place them within thousands of lines of code, making it very difficult to pinpoint the vulnerable command used for Shellshock. So the practical solution is to keep your operating system software updated frequently.
How to implement Shellshock and hack a Linux machine practically?
We aren't aware exactly what commands are used by attackers for command injection in the BASH shell.
If someone can provide an example, that would be a great learning experience, and it would help protect our systems from similar attacks, as the world did for SQL injection.
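Rather than example attack commands, the thing a defender can act on is the footprint these attempts leave in web-server logs. Bash treated an environment variable whose value begins with "() {" as an exported function definition, and web servers hand HTTP headers such as User-Agent and Referer to CGI scripts as environment variables, so a request carrying that marker in a header is the classic sign of a Shellshock probe. The following is an added example, not code from the original post: it parses constructed Apache combined-format log lines and flags any whose request line, Referer or User-Agent carries the marker, raw or percent-encoded. The regular expression, the sample addresses and the field names are my own assumptions.

```python
"""Scan web-server access logs for Shellshock-style probes (added example)."""
import re
from urllib.parse import unquote

# Apache "combined" log format:
# host ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Heuristic signature: the function-definition prefix Bash looked for.
# Bash compared against the literal "() {"; the optional whitespace here is
# an assumption to tolerate minor variations, not something from the post.
SHELLSHOCK_MARKER = re.compile(r"\(\s*\)\s*\{")

# Constructed sample log lines (not real traffic). Anything after the marker
# is inert ("/bin/true") so the sample itself does nothing if ever executed.
SAMPLE_LOG = """\
203.0.113.5 - - [25/Sep/2014:10:00:01 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.9 - - [25/Sep/2014:10:00:02 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :; }; /bin/true"
198.51.100.7 - - [25/Sep/2014:10:00:03 +0000] "GET /index.html HTTP/1.1" 200 1024 "() {:;}; /bin/true" "curl/7.37.0"
198.51.100.8 - - [25/Sep/2014:10:00:04 +0000] "GET /cgi-bin/status?x=%28%29%20%7B%20:;%20%7D HTTP/1.1" 200 512 "-" "python-requests/2.4"
192.0.2.44 - - [25/Sep/2014:10:00:05 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0 (Windows NT 6.1) {}"
"""


def parse_line(line):
    """Return the fields of one combined-format log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_shellshock_probe(value):
    """True if a header or request value carries the function-definition marker.

    The value is checked both as logged and after percent-decoding, so an
    encoded marker in the request line is caught too.
    """
    return bool(SHELLSHOCK_MARKER.search(value) or SHELLSHOCK_MARKER.search(unquote(value)))


def find_shellshock_attempts(log_text):
    """Return one record per suspicious line: the sending host and the field that carried the marker."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable line: skip it rather than abort the whole scan
        for field in ("agent", "referer", "request"):
            if is_shellshock_probe(rec[field]):
                hits.append({"line": lineno, "host": rec["host"], "field": field, "value": rec[field]})
                break  # one alert per line is enough
    return hits


if __name__ == "__main__":
    for hit in find_shellshock_attempts(SAMPLE_LOG):
        print(f"line {hit['line']}: {hit['host']} via {hit['field']}: {hit['value']!r}")
```

The fifth sample line shows why the signature insists on an empty pair of parentheses followed by a brace: ordinary browser strings contain parentheses and braces without ever forming the prefix Bash parsed as a function. On a real server, run the scanner over the access log of any host that exposes CGI scripts, and treat each hit as a reason to confirm that host's Bash is patched.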