Who | What | When |
---|---|---|
*** | vissborg has quit IRC (Remote host closed the connection) | |
| vissborg has joined #arpnetworks | [00:15] |
| (idle for 1h3mn) | |
| LT has joined #arpnetworks | [01:21] |
| (idle for 1h23mn) | |
| DaCa_ is now known as DaCa | [02:44] |
| (idle for 2h1mn) | |
| zhangxiaobao has joined #arpnetworks | [04:45] |
| (idle for 1h7mn) | |
| zhangxiaobao has quit IRC (Remote host closed the connection) | [05:52] |
| (idle for 37mn) | |
| medum has quit IRC (Quit: Lost terminal) | [06:29] |
| (idle for 2h29mn) | |
| LT has quit IRC (Quit: Leaving) | [08:58] |
| (idle for 6h47mn) | |
| medum has joined #arpnetworks | [15:45] |
| (idle for 4h57mn) | |
mnathani | is there a shell based utility to test bash vulnerability of remote web servers? | [20:42] |
| (idle for 46mn) | |
m0unds | there's a command you can run to test it | |
| well, a number of them i guess | |
| env x='() { :;}; echo vulnerable' bash -c "echo this is a test" | |
| that's one | [21:28] |
| (idle for 32mn) | |
brycec | mnathani: Since it varies by path (eg, I can't just open :443 and throw packets at it), to my knowledge no such utility is really useful | |
| mnathani: But you can throw it in a curl pretty easily, since that's all it takes | |
| something like curl -A "env x='() { :;}; echo vulnerable' bash -c "echo this is a test"" http://server/insecure.cgi | |
| throw that into a loop even | |
| up_the_irons: *bump* ticket (not that it's urgent, but want to make sure you've seen it) | |
| (yes I got the autoresponder, so I know it's been received) | [22:01] |
m0unds | oh, i misinterpreted it - just assumed remote webservers meant boxes in your control with shell access | [22:09] |
mercutio | env X="() { :;} ; echo shellshock" `which bash` -c "echo completed" | |
| this is what i use to test it | |
| if it says shellshock it's vulnerable | |
| oh that's basically the same as what you said | [22:14] |
brycec | Almost verbatim :P | [22:15] |
mercutio | but basically all bash instances are vulnerable. | |
| testing on server is good enough | |
| don't need to test remote vulnerable | |
| update bash on *all* systems | [22:15] |
brycec | I think the scenario is that mnathani wants to be able to tell Google (for example) their server needs updating, hence the "of remote web servers" | [22:15] |
mercutio | oh right | [22:16] |
brycec | Where "Google" is probably replaced by acquaintances, clients, sales prospects, etc | [22:16] |
mercutio | that's probably illegal | |
| here i dunno what it's like there. | [22:16] |
brycec | Grey area, as all pen-testing tends to be without documents | [22:16] |