Winter 2023 CS Comps
Exploiting Security Vulnerabilities
Shellshock
CVE-2014-6271
Shellshock is a critical remote code execution vulnerability affording escalated privileges to attackers, which allow them to compromise systems at will.
Shellshock allows systems containing a vulnerable version of Bash to be exploited to execute commands with higher privileges. This allows attackers to potentially take over that system.
The Bash bug poses a serious threat as it is very easy to execute an attack, and requires little technical expertise to do so.
Random Shellshock graph LINK
Typical Shellshock exploits attempt remote command execution by telling Bash to assign an empty function declaration to an environment variable
Impact
Yahoo's Servers Hacked
Security researcher Jonathan Hall says he has found evidence that Romanian hackers used the Shellshock bug to gain access to Yahoo servers, according to a post on his website Future South.
​
In an email to Bloomerg Businesseek, Yahoo confirmed that three of its servers had been hacked using the Shellshock vulnerability. Company spokesperson Elisa Shyu said, "As soon as we became aware of the issue, we began patching our systems and have been closely monitoring our network, we isolated a handful of our impacted servers and at this time we have no evidence of a compromise to user data.”
Botnet Attacks
The shellshock attacks were used to infect thousands of machines with malware designed to make them part of a botnet of computers that obey hackers' commands.
In at least one case the hijacked machines are already launching distributed denial of service (DoS) attacks that flood victims with junk traffic, according to security researchers.
Shellshock & Bash Functions
What is Bash?
Bash is a command-line interface shell program used extensively in Linux and macOS. The name Bash is an acronym for “Bourne Again Shell,” developed in 1989 as a successor to the Bourne Shell.
​
“What’s a Shell?” you ask?
​
When you open your Terminal, the Shell is the name of the program that runs in the terminal.
Please note that the terminal is a dumb thing, and it does not know what to do with any user input. When you input a command into that window and hit enter key, that input goes to another program to process it, and in most cases, it’s the Shell.
Bash Functions
Like REAL programming languages, Bash has functions, though in a somewhat limited implementation. A function is a subroutine, a code block that implements a set of operations. Wherever there is repetitive code, consider using a function.
​
Bash functions can be used in .sh files and may be "compacted" into a single line.
You may define a bash function with following syntax
​
function_name () { commands; }
​
That all sounds great. However, what if, for some reason, I defined a function in one shell, and wanted to invoke that function new instance of bash, as a subprocess?
​
Well, unfortunately, subprocesses don't inherit the function definitions.
However, they do inherit the environment variables.
​
So what if we made our functions environment variables?!
We are geniuses 🤩
​
However, here's something sketchy 🫣.
The functions are actually just like regular environment variables. When our subprocess (the second shell) opens and reads it's inherited environment variables, and see's something that looks like a function, it evaluates it. However, here is the bug: the evaluation of the variable does not stop at the end of the function definition. It kepts going.
​
This meant that even if we defined our function like this:
function_name () { commands; } sketchy code
​
The evaluation wouldn't end at the bracket, where our function ends. It will continue until it reaches our sketchy code, and it will execute the code!
The bug makes it possible for hackers to trick Web servers into running any commands that follow a carefully crafted series of characters in an HTTP request.