Syracuse University
Shellshock Vulnerability Lab
Lab Overview
On September 24, 2014, a severe vulnerability in Bash was identified, and it is called Shellshock. This affects many systems. The vulnerability can be easily exploited either remotely or from a local machine. In this lab, students need to work on this attack, so they can understand the Shellshock vulnerability.Lab Description and Tasks (PDF)
-
For instructors: if you prefer to modify the lab description
to suit your own courses, you can download the source files (Latex)
from here.
VM Version: This lab is based on the SEED Ubuntu 12.04 VM.
Recommended Time:
- Supervised lab environment: 2 hours
- Unsupervised environment (e.g. take-home project): 1 week
Lecture Video (made by Carter Yagemann): (watch)
Files that are Needed
- variables.c (the vulnerable Bash program)