Every so often, a MAJOR vulnerability appears that makes millions of systems vulnerable to attack. The most recent, named Shellshock, basically leaves every Mac OS X, Linux, and UNIX system on the planet vulnerable. As nearly two-thirds of all web servers on planet Earth run one of these operating systems (primarily Linux), that's a whole lot of systems out there waiting to be harvested.

This vulnerability is one of the most serious in recent memory. Basically, it leaves nearly every form of Linux, Unix, and Mac OS X vulnerable to "remote code execution." This means that the hacker can run their own code remotely and do whatever they want on the system, basically owning it.

Shellshock will be with us for quite a while, despite efforts to patch systems, as we are only beginning to understand the extent of this vulnerability. Every time a new patch is released, it almost immediately becomes obsolete as new vulnerabilities are being discovered daily. The first proof of concept involved running a CGI script on the vulnerable system, but that is only scratching the surface of what can be done with this vulnerability.

Many network and security admins are now sitting around pretty smug that they have patched their system and they are now safe. That is far from the truth! This vulnerability is linked to the BASH shell and any system calls it makes. Probably thousands of utilities and applications use BASH for system calls. That list is extremely long! Furthermore, nearly all the embedded systems, from security systems to automobiles to automated lighting systems, use some form of Linux with a BASH shell.

Of course, the whole industry of IT security administrators is now scrambling to close this hole. Years of experience have taught me that many won't and many more will think they closed it and haven't (there is a fair amount of incompetence among IT security folks, as in other professions). In the meantime, millions and millions of machines are out there, just waiting for your best efforts.

Recently, our friends at Rapid7, the developers of Metasploit, released a quick and dirty module that exploits one of the first discovered Shellshock vulnerabilities, namely the exploitation of the BASH shell to send CGI scripts to an Apache server. In addition, they also developed a module that enables us to exploit Shellshock using the DHCP service. Let's use that one to attack a Linux system and see how it works.

Let's begin, of course, by firing up Kali Linux and starting Metasploit. You should be greeted by a screen similar to the following one.

In this screenshot, you can see that we have not only been able to access the system remotely, but we have root privileges.

The Shellshock vulnerability makes nearly every system that runs a version of UNIX, Linux, or Mac OS X vulnerable to exploitation. This hack utilizes the BASH system call to the DHCP client, but this is just one of many potential exploits. Since the vulnerability is related to the BASH shell and its system calls, the number of vulnerabilities and exploits will become nearly innumerable.

Apple and the major Linux distributions have all issued patches, but there are still innumerable ways to get past these patches. I expect them to be issuing new patches almost weekly as we find more and more exploits taking advantage of the Shellshock vulnerability.
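The CGI route to Apache mentioned in this post leaves a trace that a defender can search for. The following Python check is an added example, not code from the original post or from Rapid7: it scans Apache access logs for the function-definition marker that Shellshock requests carry in logged fields. It assumes the Apache "combined" log format; the function name and the sample log lines are constructed for illustration.

```python
import re

# Apache "combined" format (assumed):
# host ident user [time] "request" status size "referer" "user-agent"
COMBINED = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"'
)

# A vulnerable bash parses an environment value beginning with "() {" as a
# function definition. CGI copies request headers into environment variables,
# so that marker inside a logged field is the thing to triage.
# The match is deliberately tolerant (anywhere in the field, flexible spacing).
FUNC_DEF = re.compile(r'\(\)\s*\{')

def find_shellshock_probes(lines):
    """Return one finding per logged field that carries the marker."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = COMBINED.match(line)
        if not m:
            continue  # not combined format: skip rather than guess
        for field in ("request", "referer", "agent"):
            if FUNC_DEF.search(m.group(field)):
                findings.append({
                    "line": lineno,
                    "host": m.group("host"),
                    "time": m.group("time"),
                    "field": field,
                    "status": int(m.group("status")),
                })
    return findings

# Constructed sample lines: documentation addresses, harmless echo payload.
SAMPLE = [
    '192.0.2.10 - - [28/Sep/2014:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.7 - - [28/Sep/2014:10:01:09 +0000] "GET /cgi-bin/status HTTP/1.1" 200 87 "-" "() { :; }; echo constructed-marker"',
    '198.51.100.7 - - [28/Sep/2014:10:01:11 +0000] "GET /cgi-bin/status HTTP/1.1" 404 0 "() { x;};echo constructed-marker" "curl/7.30"',
    'this line is not in combined format',
]

if __name__ == "__main__":
    for f in find_shellshock_probes(SAMPLE):
        print(f"line {f['line']}: {f['host']} marker in {f['field']} (HTTP {f['status']})")
```

The combined format records only the request line, Referer and User-Agent, so a marker sent in any other header does not appear in these logs and a clean result does not show that a host was never probed. The HTTP status says whether the request was served, not whether bash ran anything.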