CVE-2014-6271 PoC — GNU Bash 远程代码执行漏洞

Source

https://github.com/sunnyjiang/shellshocker-android

Associated Vulnerability

Title:GNU Bash 远程代码执行漏洞 (CVE-2014-6271)
Description:GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.

Description

This is an Android Application that helps you detect if your machine that run bash is vulnerable by CVE-2014-6271

Readme

shellshocker-android
====================
This is an Android Application that helps you detect if your machine that run bash is vulnerable by CVE-2014-6271

Stefano Belli,
<(C) Copyleft, share, rebuild, modify, redistribuite as you think it should be better

Google+: <http://plus.google.com/+StefanoBelli>
WebSite: <http://www.inthebit.it>
Next update ready, i will upload nextly.

File Snapshot


 [4.0K]  /data/pocs/ba20327770f6b184e102b9398ec87b80c02dd2a0
├── [4.0K]  app
│   ├── [6.8K]  app.iml
│   ├── [ 594]  build.gradle
│   ├── [ 693]  proguard-rules.pro
│   └── [4.0K]  src
│       ├── [4.0K]  androidTest
│       │   └── [4.0K]  java
│       │       └── [4.0K]  it
│       │           └── [4.0K]  stefanobelli
│       │               └── [4.0K]  shellshocker
│       │                   └── [ 359]  ApplicationTest.java
│       └── [4.0K]  main
│           ├── [1.8K]  AndroidManifest.xml
│           ├── [4.0K]  java
│           │   └── [4.0K]  it
│           │       └── [4.0K]  stefanobelli
│           │           └── [4.0K]  shellshocker
│           │               ├── [7.0K]  MainActivity.java
│           │               └── [ 510]  WarningActivity.java
│           └── [4.0K]  res
│               ├── [4.0K]  drawable-hdpi
│               │   └── [9.2K]  ic_launcher.png
│               ├── [4.0K]  drawable-mdpi
│               │   └── [5.1K]  ic_launcher.png
│               ├── [4.0K]  drawable-xhdpi
│               │   └── [ 14K]  ic_launcher.png
│               ├── [4.0K]  drawable-xxhdpi
│               │   └── [ 19K]  ic_launcher.png
│               ├── [4.0K]  layout
│               │   ├── [3.8K]  activity_main.xml
│               │   └── [ 870]  layout_warning.xml
│               ├── [4.0K]  menu
│               │   └── [ 584]  menu_main.xml
│               ├── [4.0K]  values
│               │   ├── [ 211]  dimens.xml
│               │   ├── [1.0K]  strings.xml
│               │   └── [ 313]  styles.xml
│               ├── [4.0K]  values-it-rIT
│               │   └── [1.1K]  strings.xml
│               └── [4.0K]  values-w820dp
│                   └── [ 358]  dimens.xml
├── [4.0K]  build
│   └── [4.0K]  intermediates
│       ├── [4.0K]  dex-cache
│       │   └── [1.9K]  cache.xml
│       └── [ 71K]  model_data.bin
├── [ 436]  build.gradle
├── [4.0K]  gradle
│   └── [4.0K]  wrapper
│       ├── [ 49K]  gradle-wrapper.jar
│       └── [ 232]  gradle-wrapper.properties
├── [ 855]  gradle.properties
├── [5.0K]  gradlew
├── [2.3K]  gradlew.bat
├── [ 464]  local.properties
├── [ 381]  README.md
├── [  15]  settings.gradle
└── [ 877]  Shellshocker.iml

27 directories, 31 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!