Unless you were living under the rock for the last 2 weeks or so, you probably heard about a vulnerability in Bourne Again Shell (BASH), aka “Shellshock” (who comes up with those names?!) aka “Bash bug” aka “OMG! Internet is coming to an end” aka… you get the idea :)
Working in security field, I have heard about it a lot, maybe even too much in the last couple weeks and, after it has been publicly announced, I saw lots of failed exploitation attempts hitting Internet facing servers under my jurisdiction.
I have researched the vulnerability (CVE-2014-6271 and other flavours of it) a fair bit, saw heaps of malicious traffic, but actually never seen a successful exploit (well, that’s a good thing I guess…) and never had a chance to play with it on an actual vulnerable machine.
And yet, here it comes vulnhub.com again with a tiny VM created specifically for this purpose - to get your hands dirty with this particular vulnerability. So… let’s get started, shall we?