Agnus Dei (jackal) wrote,
Agnus Dei
jackal

Script to test for ShellShock (both vulnerabilities)

[root@xxxxxx ~]# cat /tmp/bash_test 
#!/bin/bash
#Vulnerability #1
for i in `type -a bash| egrep -o "/.*"`; 
do 
        /bin/echo -n "Vul#1: $i " ; 
        x="() { :; };t=un" $i -c 'echo  is ${t}safe' 2>/dev/null; 
done

#Vulnerability #2
for i in `type -a bash| egrep -o "/.*"`; 
do  
        cd /tmp; 
        rm -f /tmp/echo; 
        env 'x=() { (a)=>\' bash -c "echo date" 2>/dev/null; 
        cat /tmp/echo 2>/dev/null | egrep "[0-9]+ [0-9]+:[0-9]+:[0-9]+" >/dev/null && echo "Vul#2: $i is unsafe" ; 
done

Subscribe
  • Post a new comment

    Error

    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

  • 0 comments