Moving away from the standard style of attacks against web servers, we're going to quickly look at Shellshock, a vulnerability that allowed attackers to make shell commands through specific headers. This vulnerability reared its head in 2014 and gained momentum quickly as one of the biggest vulnerabilities of the year. While it has now been mostly fixed, it's a good example of how web servers can be manipulated to perform more complex attacks and are likely to be a frequent target in common transfer files (CTFs) for years to come.
We will create a script that pulls down the headers of a page, identifies whether the vulnerable headers are present, and submits an example payload to that header. This script relies on external infrastructure supporting this attack to collect compromised device call-outs.
Identify the URL you wish to test. Once you've identified your target web page, pass it to the script as a sys.argv
: