#arpnetworks 2014-09-26,Fri

↑back Search ←Prev date Next date→ Show only urls(Click on time to select a line by its url)

WhoWhatWhen
***vissborg has quit IRC (Remote host closed the connection)
vissborg has joined #arpnetworks
[00:15]
............. (idle for 1h3mn)
LT has joined #arpnetworks [01:21]
................. (idle for 1h23mn)
DaCa_ is now known as DaCa [02:44]
......................... (idle for 2h1mn)
zhangxiaobao has joined #arpnetworks [04:45]
.............. (idle for 1h7mn)
zhangxiaobao has quit IRC (Remote host closed the connection) [05:52]
........ (idle for 37mn)
medum has quit IRC (Quit: Lost terminal) [06:29]
.............................. (idle for 2h29mn)
LT has quit IRC (Quit: Leaving) [08:58]
.................................................................................. (idle for 6h47mn)
medum has joined #arpnetworks [15:45]
............................................................ (idle for 4h57mn)
mnathaniis there a shell based utility to test bash vulnerability of remote web servers? [20:42]
.......... (idle for 46mn)
m0undsthere's a command you can run to test it
well, a number of them i guess
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
that's one
[21:28]
....... (idle for 32mn)
brycecmnathani: Since it varies by path (eg, I can't just open :443 and throw packets at it), to my knowledge no such utility is really useful
mnathani: But you can throw it in a curl pretty easily, since that's all it takes
something like curl -A "env x='() { :;}; echo vulnerable' bash -c "echo this is a test"" http://server/insecure.cgi

throw that into a loop even
up_the_irons: *bump* ticket (not that it's urgent, but want to make sure you've seen it)
(yes I got the autoresponder, so I know it's been received)
[22:01]
m0undsoh, i misinterpreted it - just assumed remote webservers meant boxes in your control with shell access [22:09]
mercutioenv X="() { :;} ; echo shellshock" `which bash` -c "echo completed"
this is what i use to test it
if it says shellshock it's vulnerable
oh that's basically the same as what you said
[22:14]
brycecAlmost verbatim :P [22:15]
mercutiobut basically all bash instances are vulnerable.
testing on server is good enough
don't need to test remote vulnerable
update bash on *all* systems
[22:15]
brycecI think the scenario is that mnathani wants to be able to tell Google (for example) their server needs updating, hence the "of remote web servers" [22:15]
mercutiooh right [22:16]
brycecWhere "Google" is probably replaced by acquaintences, clients, sales prospects, etc [22:16]
mercutiothat's probably illegal
here
i dunno what it's like there.
[22:16]
brycecGrey area, as all pen-testing tends to be without documents [22:16]

↑back Search ←Prev date Next date→ Show only urls(Click on time to select a line by its url)