Special Forums Cybersecurity 'Shell Shock' vulnerability in Bourne shell Post 302918961 by gull04 on Friday 26th of September 2014 11:28:42 AM
Hi Guys,

Just an update here, I've been running around like an idiot for the past two and a bit days - having loads of attempts on web servers in particular. But have even had specific attacks on our firewall and other outward facing kit.

There have been attempts on our switches and routers, this is the most disastrous bug I can remember other than the version of Solaris 10 with "terry" the developer's back door in the final release.

I have logs full of stuff like below - I've changed some of the stuff but you'll get the idea.

Code:
XXX.XXX.93.149 - - [25/Sep/2014:05:08:03 +0100] "GET /w00tw00t.at.blackhats.aaaaaa.aaaa-sec:) HTTP/1.1" 404 319 "-" "ZmEu"
XXX.XXX.93.149 - - [25/Sep/2014:05:08:03 +0100] "GET /something_here/scripts/setup.php HTTP/1.1" 404 306 "-" "ZmEu"
XXX.XX.69.74 - - [25/Sep/2014:18:53:51 +0100] "GET / HTTP/1.1" 200 2455 "() { :; }; /bin/ping -c 1 XXX.XXX.0.69" "() { :; }; /bin/ping -c 1 XXX.XXX.0.69"

Regards

Dave
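
Added example, not part of the original post: a small Python scanner that parses Apache combined-format access log lines like the ones above and flags any request, Referer or User-Agent value carrying the bash function-definition marker `() {`. The sample lines are constructed (modelled on the post, with documentation-range IP addresses), and the function and field names are this example's own.

```python
import re

# Apache "combined" format:
# host ident user [time] "request" status bytes "referer" "user-agent"
QUOTED = r'"((?:[^"\\]|\\.)*)"'   # quoted field; Apache escapes embedded quotes as \"
COMBINED = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] ' + QUOTED + r' (\d{3}) \S+ ' + QUOTED + ' ' + QUOTED + r'$'
)
# Start of a bash function definition, "() {", with any whitespace before the brace.
FUNC_DEF = re.compile(r'\(\)\s*\{')

def find_shellshock_probes(lines):
    """Return one dict per log line that carries the '() {' marker."""
    hits = []
    for lineno, raw in enumerate(lines, 1):
        line = raw.strip()
        m = COMBINED.match(line)
        if m is None:
            # Do not silently skip lines the parser cannot split:
            # still report the marker if it appears anywhere in them.
            if FUNC_DEF.search(line):
                hits.append({"line": lineno, "host": None, "time": None,
                             "status": None, "fields": ["unparsed"]})
            continue
        host, when, request, status, referer, agent = m.groups()
        named = (("request", request), ("referer", referer), ("agent", agent))
        fields = [name for name, value in named if FUNC_DEF.search(value)]
        if fields:
            # The status is the response to the HTTP request itself; it does
            # not show whether anything on the server evaluated the header.
            hits.append({"line": lineno, "host": host, "time": when,
                         "status": int(status), "fields": fields})
    return hits

# Constructed sample input (not real log data).
SAMPLE = [
    '192.0.2.149 - - [25/Sep/2014:05:08:03 +0100] "GET /something_here/scripts/setup.php HTTP/1.1" 404 306 "-" "ZmEu"',
    '198.51.100.74 - - [25/Sep/2014:18:53:51 +0100] "GET / HTTP/1.1" 200 2455 '
    '"() { :; }; /bin/ping -c 1 203.0.113.69" "() { :; }; /bin/ping -c 1 203.0.113.69"',
    '198.51.100.80 - - [25/Sep/2014:19:02:10 +0100] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
]

if __name__ == "__main__":
    for hit in find_shellshock_probes(SAMPLE):
        print(hit)
```

Only the second sample line is reported, with both the Referer and User-Agent fields flagged; the ordinary browser User-Agent with parentheses in the third line is not.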