Skip to main content

Shocker for Shellshock Demonstration

So if you haven't ever heard of the Shellshock vulnerability check this out before you proceed.

Oddly enough, there are obviously a bunch of servers and hosts around the world that are still vulnerable to this vulnerability simply because they choose not to update/patch their respective operating systems accordingly.

Anyway, while I was hanging around that section of the internet where Kitploit stays, I came across an interesting tool they mentioned. It's called Shocker which is basically a tool to "find and exploit servers vulnerable to shellshock". It's available here on github.

So what you do is you clone it onto your kali, move into the directory and launch the program shocker.py. The arguments you include may vary (check the help menu) but just include the IP address of the host you're scanning. In this case we used the Shellshock vulnerable VM from vulnhub.com.

It then shows us the possible options we can use and then we can finally select the commands we want to execute on the target machine. The example command was:
 /bin/cat  /etc/passwd 

where we called the binary cat to do what it does, which is display stuff. What it is displaying in this case is the passwd file in the etc folder. You can try other linux commands for yourself too.


Comments

Post a Comment

Popular posts from this blog

Password Cracking: RainbowCrack table generation, sorting and usage

I had to do this demo after one of my students asked for my assistance regarding how to use this tool. Usually, I just assign different tools to them individually depending on the aspect of penetration testing we are covering (session hijacking, vulnerability scanning, etc) and then tell them to submit a report and a video demo of how the tool is used. Anyway, after a brief one-to-one discussion I realized the student had actually done the research on how rainbow tables operate (above and beyond the material in the lecture slides) so I figured that if he was here asking for assistance, he genuinely needed it. The tool is available at the RainbowCrack site.  A detailed description of this nifty tool can also be found here . So, firstly I had to generate the rainbow tables. The command line syntax is: rtgen hash_algorithm charset plaintext_len_min plaintext_len_max table_index chain_len chain_num part_index where: hash_algorithm  Rainbow table is hash algorithm sp...
Post a Comment
Read more

Part 4 - Static and Dynamic analysis of a Remote Access Trojan

Now we delve into the world of Malware analysis, This can be either Basic static, basic dynamic, advanced static or advanced dynamic malware analysis. By static we just mean we do not execute the malicious program but simply analyse it by looking at the headers, the linked libraries it calls, its resources, etc. When it is advanced, this would mean breaking it down and analysing it with tools such as IDA Pro. Dynamic means we run it in a safe environment and see what it does. Basic tools include Regshot which simply takes a snapshot of the registry before and after the malware was executed. It then returns only the changes made in between those two points in time. Advanced would involve the use of a sandbox that monitors all the calls the malware makes as well as the connection attempts it tries to make to outside terminals or C&C servers. The video below illustrates Basic Static and Dynamic malware analysis.
Post a Comment
Read more

Malware Analysis: A Python Malware on campus 1

So a few weeks back after a class I'd taken with them,  a number of my students told me of a particular malware that was affecting students' computers, in particular, computers running Windows OS. According to them, if you tried to open a folder that was residing on the USB stick with the malware, the malware would delete some of your files and convert folders into executable files. Granted, the likelihood of a random folder miraculously transforming into a single executable file was kinda "out there" but I figured I'd check it out and use that as a teaching moment for those interested in venturing into malware analysis. So I tasked them to bring me a sample of the malware so I could take a look at it and maybe figure it out. I advised one of them to download DumpIt  and then extract the memory dump from an infected computer using a clean flash disk and then bring it to me. How do you do this exactly? here's how: Download DumpIt . It's a portable...
Post a Comment
Read more