ShellShock Attack: Let’s Defend Walkthrough
Hello, blue teamers. Today I am going to try my hand at another short and easy blue team exercise from Let’s Defend, titled Shellshock Attack.
There’s also a Gitbooks version of the same alert, written by me. You can go ahead and check it out!
NOTE: Always remember to investigate challenges from Let’s Defend on a VM.
Let's go for it!
Gist of the challenge
You must find details of Shellshock attacks.
Log file: https://app.letsdefend.io/download/downloadfile/shellshock.zip
Pass: 321
Note: pcap file found public resources.
What is the Shellshock Vulnerability?
Quoting Wikipedia, Shellshock, also known as Bashdoor, is a family of security bugs in the Unix Bash shell, disclosed on 24 September 2014. Shellshock could enable an attacker to cause Bash to execute arbitrary commands and gain unauthorized access to many Internet-facing services, such as web servers, that use Bash to process requests.
In fact, Vulnhub also has a boot2root VM called Troll2, which is based upon the same vulnerability.
Q) What is the server operating system?
Analyzing the HTTP packets gives this answer (remember to expand them).
A) Ubuntu
Q) What is the application server and version running on the target system?
Analyzing the HTTP packet with the Internal Server Error gives us our answer.
A) Apache/2.2.22
Q) What is the exact command that the attacker wants to run on the target server?
A) /bin/ping -c1 10.246.50.2
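The check behind that last answer can be scripted. The following is an added example, not part of the original write-up or the challenge files: it scans the headers of a raw HTTP request for the Bash function-definition prefix that marks a Shellshock attempt and recovers the command that trails the function body. The sample request (path, host, and the header carrying the payload) is constructed for illustration, and the function names are hypothetical.

```python
import re

# "() {" is the Bash function-definition prefix that vulnerable Bash
# versions parsed when it appeared in an environment variable.
FUNC_DEF = re.compile(r"\(\)\s*\{")

# Constructed sample request (not taken from the challenge pcap); the path,
# host and choice of header are assumptions made for this example.
SAMPLE = (
    "GET /cgi-bin/status HTTP/1.1\r\n"
    "Host: example.test\r\n"
    "User-Agent: () { :; }; /bin/ping -c1 10.246.50.2\r\n"
    "Accept: */*\r\n\r\n"
)

def parse_headers(raw_request):
    """Return (request_line, [(name, value), ...]) from a raw HTTP request."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip(), value.strip()))
    return lines[0], headers

def trailing_command(value):
    """Return the text after the function body's closing brace, or None."""
    m = FUNC_DEF.search(value)
    if not m:
        return None
    depth = 0
    for i in range(m.end() - 1, len(value)):  # start on the opening brace
        if value[i] == "{":
            depth += 1
        elif value[i] == "}":
            depth -= 1
            if depth == 0:
                return value[i + 1:].lstrip("; \t") or None
    return None  # unbalanced body: still flagged, but no command recovered

def find_shellshock(raw_request):
    """List every header whose value contains a function-definition prefix."""
    request_line, headers = parse_headers(raw_request)
    return [
        {"request": request_line, "header": n, "command": trailing_command(v)}
        for n, v in headers if FUNC_DEF.search(v)
    ]
```

Calling `find_shellshock(SAMPLE)` flags the one constructed header and returns the same command given in the answer above; a request with ordinary header values returns an empty list.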
Conclusion
This challenge was a breeze!
Thank you for reading this entry. Stay tuned, as I go hunting some pcap files out there….