Shellshock Attack Lab

Overview

On September 24, 2014, a severe vulnerability in Bash was identified, and it is called Shellshock. This affects many systems. The vulnerability can be easily exploited either remotely or from a local machine. In this lab, students need to work on this attack, so they can understand the Shellshock vulnerability.

Lab Tasks (Description) (Video)

• For instructors: if you prefer to customize the lab description to suit your own courses, here are our Latex source files.
• VM version: This lab has been tested on our pre-built SEEDUbuntu12.04 VM.

Recommended Time:

• Supervised situation (e.g. a closely-guided lab session): 2 hours
• Unsupervised situation (e.g. take-home project): 1 week

Files that are Needed

• variables.c (the vulnerable Bash program)

Helpful Documents

• Carter's Shellshock BitBucket
• Icamtuf Blogpost on Shellshock

Suggested Reading

• SEED Book: Wenliang Du. Computer Security: A Hands-on Approach (Chapter 3).

SEED Project

• Home Page