PrepAway - Latest Free Exam Questions & Answers

What is the Shellshock bash vulnerability attempting to…

env x='(){ :;};echo exploit' bash -c 'cat /etc/passwd'
What is the Shellshock bash vulnerability attempting to do on a vulnerable Linux host?


A. Display passwd content to prompt

B. Removes the passwd file

C. Changes all passwords in passwd

D. Add new user to the passwd file

Explanation:
To extract private information, attackers are using a couple of techniques. The simplest extraction attacks are in the form:
() {:;}; /bin/cat /etc/passwd
That reads the password file /etc/passwd, and adds it to the response from the web server. So an attacker injecting this code through the Shellshock vulnerability would see the password file dumped out onto their screen as part of the web page returned.
https://blog.cloudflare.com/inside-shellshock/
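
Seen from the defender's side, the extraction attempt described in the explanation leaves a recognizable trace in web server logs. The following is an added example, not part of the original page: it scans combined-format access log lines for header values that begin with a bash function definition and reports the command that trails it. The log lines, IP addresses and request paths are constructed for illustration.

```python
import re

# Quoted field of the Apache/nginx "combined" log format (allows \" escapes).
Q = r'"((?:[^"\\]|\\.)*)"'
COMBINED = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] ' + Q + r' (\d{3}) \S+ ' + Q + ' ' + Q + r'\s*$'
)
# A header value that *starts* with a bash function definition "() { ... }".
# Whitespace is matched loosely on purpose; the trailer is whatever follows
# the function body, i.e. the part a vulnerable bash would execute on import.
FUNC_DEF = re.compile(r'^\s*\(\s*\)\s*\{.*?\}\s*;?\s*(?P<trailer>.*)$')

# Constructed sample lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [25/Sep/2014:10:01:02 +0000] "GET /cgi-bin/status HTTP/1.1" '
    '200 1523 "-" "() {:;}; /bin/cat /etc/passwd"',
    '198.51.100.4 - - [25/Sep/2014:10:01:05 +0000] "GET /index.html HTTP/1.1" '
    '200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '203.0.113.9 - - [25/Sep/2014:10:02:00 +0000] "GET /cgi-bin/test HTTP/1.1" '
    '500 0 "() { :;}; echo exploit" "curl/7.30.0"',
]

def scan(lines):
    """Return one finding per logged header that begins with a function definition."""
    findings = []
    for line in lines:
        m = COMBINED.match(line)
        if not m:
            continue  # not combined format; skip rather than guess
        ip, _request, status, referer, agent = m.groups()
        for field, value in (("referer", referer), ("agent", agent)):
            hit = FUNC_DEF.match(value)
            if hit:
                findings.append({"ip": ip, "status": int(status),
                                 "field": field, "trailer": hit.group("trailer")})
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The combined format records only the Referer and User-Agent headers, so a hit with status 200 on a CGI path is the case to check first for leaked file contents in the response; values carried in other headers need a separate capture source.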

One Comment on “What is the Shellshock bash vulnerability attempting to…

  1. ezgi says:

    Once an attacker has this list of shares, the next step is to connect to a share and view
    the data. This is easy to do at this point by using the net use command:
    net use s: \\zelda\(shared folder name)

