Preventing hackers from gaining access: ShellShock, the vulnerability that shocked the world
March 26, 2020

Shellshock is a serious security vulnerability that was exploited several hours after its initial disclosure on September 24, 2014.

If you are already caught up on what ShellShock is, you can scan your company for free and check whether your web applications are vulnerable to ShellShock with Autobahn.

What is it

The bug was found in the Unix Bash shell and enabled attackers to execute arbitrary commands, or in other words, inject code remotely. Shellshock was problematic for a lot of people as hackers could exploit the vulnerability through the web in certain instances.

You can see Bash as a “translator” that allows users to write commands on Linux and Unix systems. It is a program that reads commands and then executes them. Those commands can come from a file, or you can type them. One would normally connect to these systems over SSH or Telnet.

Bash first appeared near the end of the 80s and has been extremely popular and widespread ever since; it is the default shell for Linux and Mac OS. This is why Shellshock made such a big impact: Bash is one of the most installed utilities on any Linux system.

As stated, malicious actors exploited Shellshock quickly by creating botnets that consisted of compromised systems. These botnets were used for vulnerability scanning, but also for DDoS attacks. As Shellshock had the potential to compromise millions of unpatched computers and servers, the comparison to the severity of the Heartbleed bug was quickly made.

But what does it mean for an attacker to be able to execute arbitrary commands, in other words “getting shell” on a system?

This can be a range of “wins” – from access to confidential data to reconfiguring the boxes that are under attack. This type of attack normally requires experts, as one needs to understand memory layout, programming languages, and much more. But Shellshock removed the need for these experts, as it delivered a very simple method of taking over another computer and letting it execute (malicious) code.

How did it work?

Systems vulnerable to Shellshock were attacked by adding the string () { :; }; to a specific variable and then sending that string to the target computer over HTTP.

For example, if an attacker wanted to extract private information like passwords (or get RCE), he or she could add the string

{% c-block language="html" %}

() { :; }; /bin/cat /etc/passwd

{% c-block-end %}

This enables the attacker to read the password file as it is displayed on his or her screen as part of the returned website.  
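A defensive check to go with the description above, added here as an example and not part of the original article or of Autobahn's scanner: it flags web access-log lines in which a request field carries the `() {` function-definition prefix. The log lines, IP addresses, paths and the name `find_shellshock_attempts` are constructed for illustration, and the combined log format is an assumption.

```python
import re

# The payload on this page begins with a Bash function definition, "() {".
# Allow any whitespace between the tokens so spacing variants still match.
FUNC_PREFIX = re.compile(r"\(\s*\)\s*\{")

# Assumed Apache/nginx "combined" format:
# ip ident user [time] "request" status size "referer" "user-agent"
QUOTED = r'"((?:[^"\\]|\\.)*)"'
LOG_LINE = re.compile(
    r"^(\S+) \S+ \S+ \[[^\]]+\] " + QUOTED + r" (\d{3}) \S+ " + QUOTED + " " + QUOTED
)

# Constructed sample log (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Mar/2020:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [26/Mar/2020:10:00:05 +0000] "GET /cgi-bin/example.cgi HTTP/1.1" 200 1843 "-" "() { :; }; /bin/cat /etc/passwd"',
    '203.0.113.9 - - [26/Mar/2020:10:00:09 +0000] "GET / HTTP/1.1" 404 162 "() { :; }; /bin/cat /etc/passwd" "curl/7.58.0"',
    '192.0.2.44 - - [26/Mar/2020:10:00:12 +0000] "GET /search?q=main() HTTP/1.1" 200 734 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.7 "() { :; }; /bin/cat /etc/passwd"',  # truncated, does not parse
]


def find_shellshock_attempts(lines):
    """Return one dict per log line that carries the function prefix."""
    hits = []
    for number, line in enumerate(lines, start=1):
        parsed = LOG_LINE.match(line)
        if parsed:
            ip, request, status, referer, agent = parsed.groups()
            fields = {"request": request, "referer": referer, "user_agent": agent}
        else:
            # Line does not parse: scan it whole rather than skip it.
            ip, status, fields = None, None, {"raw": line}
        flagged = [name for name, value in fields.items() if FUNC_PREFIX.search(value)]
        if flagged:
            hits.append({"line": number, "ip": ip, "status": status, "fields": flagged})
    return hits


if __name__ == "__main__":
    for hit in find_shellshock_attempts(SAMPLE_LOG):
        print(hit)
```

A hit records an attempt, not a compromise; whether the request had any effect depends on whether Bash on that host had been updated.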

How do I secure myself?

Curious if your systems are vulnerable to Shellshock? Try Autobahn, the vulnerability scanner with the hacker’s perspective now for free! Click here to sign up and get your report with tips on how to remediate Shellshock now.  

If you already scanned your assets with Autobahn and the report points out a ShellShock vulnerability, it means that we discovered a web application vulnerable to this issue. To prevent malicious actors from getting access to your systems and data, update Bash as soon as possible. You can do this with the following commands for Ubuntu and CentOS:

{% c-block language="html" %}

### Ubuntu
1. Fetch an updated index from repository
`$ sudo apt-get update`

2. Then update package to the latest version
`$ sudo apt-get install bash`

{% c-block-end %}

{% c-block language="html" %}

### CentOS
1. Check package update
`# yum check-update`

2. Then update package to the latest version
`# yum update bash`  

{% c-block-end %}
