It looks nice a pentest sample report.
http://www.offensive-security.com/penetration-testing-sample-report.pdf
Thursday 30 October 2014
Thursday 23 October 2014
Shellshock
Shellshock, also known as Bashdoor, is a family of security bugs in the widely used Unix Bash shell, the first of which was disclosed on 24 September 2014. Many Internet-facing services, such as some web server deployments, use Bash to process certain requests, allowing an attacker to cause vulnerable versions of Bash to execute arbitrary commands. This can allow an attacker to gain unauthorized access to a computer system.
Point of the vulnerability: ':() { :; };'
How to fix
CentOS, Ubuntu, Linux systems
[yum]
yum update bash -y
[apt-get]
apt-get update; apt-get install --only-upgrade bash
[pacman]
pacman -Syu
OS X
[Brew]
brew update
brew install bash
sudo sh -c 'echo "/usr/local/bin/bash" >> /etc/shells'
chsh -s /usr/local/bin/bash
sudo mv /bin/bash /bin/bash-backup
sudo ln -s /usr/local/bin/bash /bin/bash
[MacPorts]
sudo port selfupdate
sudo port upgrade bash
How to fix
CentOS, Ubuntu, Linux systems
[yum]
yum update bash -y
[apt-get]
apt-get update; apt-get install --only-upgrade bash
[pacman]
pacman -Syu
OS X
[Brew]
brew update
brew install bash
sudo sh -c 'echo "/usr/local/bin/bash" >> /etc/shells'
chsh -s /usr/local/bin/bash
sudo mv /bin/bash /bin/bash-backup
sudo ln -s /usr/local/bin/bash /bin/bash
[MacPorts]
sudo port selfupdate
sudo port upgrade bash
Reference:
[gry/shellshock-scanner]
https://github.com/gry/shellshock-scanner
https://github.com/gry/shellshock-scanner/blob/master/shellshock_scanner.py
https://shellshocker.net/
Subscribe to:
Posts (Atom)