Remote Code Exploitation through Bash

http://www.infoq.com/news/2014/09/bash-remote-exploit
https://www.digitalocean.com/community/tutorials/how-to-protect-your-server-against-the-shellshock-bash-vulnerability
http://www.pcweek.ru/foss/blog/foss/6963.php
https://launchpad.net/ubuntu/+source/bash/4.3-7ubuntu1.2
https://launchpad.net/ubuntu/+source/bash/4.3-7ubuntu1.3

nodeX:~ # env VAR='() { :; }; echo Bash is vulnerable!' bash -c "echo Bash Test"
Bash Test
nodeX:~ # ssh nodeY
nodeY:~ # env VAR='() { :; }; echo Bash is vulnerable!' bash -c "echo Bash Test"
Bash is vulnerable!
Bash Test
nodeY:~ # 

http://shellshock.brandonpotter.com/
http://www.shellshocktest.com/
http://bashsmash.ccsir.org/

If you have an old / EOL release, build a patched bash from source:

mkdir src
cd src
wget http://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz
# download all patches (upstream numbers them from 001)
for i in $(seq -f "%03g" 1 25); do wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-$i; done
tar zxvf bash-4.3.tar.gz
cd bash-4.3
# apply all patches
for i in $(seq -f "%03g" 1 25); do patch -p0 < ../bash43-$i; done
# build and install
./configure && make && make install
cd ../..
rm -r src
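
Added example, not part of the original post: ./configure without --prefix installs under /usr/local, so the rebuilt shell lands in /usr/local/bin/bash and the distribution's /bin/bash can remain unpatched. The script below lists every bash in /etc/shells and on PATH and runs the same environment-variable probe shown above against each one; the function names and the marker string are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the original post): find every bash binary on
# the host and run the post's env-variable probe against each one.
MARKER=SHELLSHOCK_MARKER   # constructed marker string, an assumption

# check_bash BIN: prints patched|vulnerable|missing|error.
# Returns 0 if patched, 1 if vulnerable, 2 otherwise.
check_bash() {
    bin=$1
    if [ ! -f "$bin" ] || [ ! -x "$bin" ]; then echo missing; return 2; fi
    # A vulnerable bash runs the command that trails the function body
    # while importing VAR, before it ever reaches "echo probe".
    out=$(env VAR="() { :; }; echo $MARKER" "$bin" -c 'echo probe' 2>/dev/null) || true
    case $out in
        *"$MARKER"*) echo vulnerable; return 1 ;;
        *probe*)     echo patched;    return 0 ;;
        *)           echo error;      return 2 ;;
    esac
}

# list_bash_binaries: bash entries in /etc/shells plus every bash on PATH.
list_bash_binaries() {
    {
        if [ -r /etc/shells ]; then grep -E '/bash$' /etc/shells || true; fi
        old_ifs=$IFS; IFS=:
        for d in $PATH; do
            if [ -x "$d/bash" ]; then echo "$d/bash"; fi
        done
        IFS=$old_ifs
    } | sort -u
}

# scan_all: one "path<TAB>status" line per binary; returns 1 if any is vulnerable.
scan_all() {
    rc=0
    for b in $(list_bash_binaries); do
        # Only exit status 1 (vulnerable) flips rc; missing/error do not.
        status=$(check_bash "$b") || [ $? -ne 1 ] || rc=1
        printf '%s\t%s\n' "$b" "$status"
    done
    return $rc
}

scan_all || echo "at least one bash binary is still vulnerable" >&2
```

Any path reported as vulnerable still needs the distribution update or a replacement binary, whatever /usr/local/bin/bash reports.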

ModSecurity2 to Apache HTTP Server (CentOS)

ModSecurity supplies an array of request filtering and other security features to the Apache HTTP Server, IIS and NGINX. ModSecurity is a web application layer firewall. ModSecurity is free software released under the Apache license 2.0.


Postfix: systemd-services – mailgraph.service

File of service:
/etc/systemd/system/mailgraph.service

Activating service:

gate:/etc/systemd/system # systemctl enable mailgraph.service
ln -s '/etc/systemd/system/mailgraph.service' '/etc/systemd/system/multi-user.target.wants/mailgraph.service'
gate:/etc/systemd/system #

Content of unit file:

How do I set Skype status before login in

Not being able to set your status before logging in is something that, in effect, sucks. It double sucks when you consider how easy implementing that feature would be. So easy that you can, in fact, set your status before logging in by just investing a few seconds in modifying the file that stores all your account setup, called main.db.
