forked from p15670423/monkey
Docs: Remove ShellShock documentation
This commit is contained in:
parent
291755e5c9
commit
fe3b263398
|
@ -26,7 +26,7 @@ You can take a look at [our roadmap](https://github.com/guardicore/monkey/projec
|
||||||
|
|
||||||
The best way to find weak spots in a network is by attacking it. The [*Adding Exploits*](./adding-exploits/) page will help you add exploits.
|
The best way to find weak spots in a network is by attacking it. The [*Adding Exploits*](./adding-exploits/) page will help you add exploits.
|
||||||
|
|
||||||
It's important to note that the Infection Monkey must be absolutely reliable. Otherwise, no one will use it, so avoid memory corruption exploits unless they're rock solid and focus on the logical vulns such as Shellshock.
|
It's important to note that the Infection Monkey must be absolutely reliable. Otherwise, no one will use it, so avoid memory corruption exploits unless they're rock solid and focus on the logical vulns such as Hadoop.
|
||||||
|
|
||||||
### Analysis plugins 🔬
|
### Analysis plugins 🔬
|
||||||
|
|
||||||
|
|
|
@ -1,11 +0,0 @@
|
||||||
---
|
|
||||||
title: "ShellShock"
|
|
||||||
date: 2020-07-14T08:41:32+03:00
|
|
||||||
draft: false
|
|
||||||
tags: ["exploit", "linux"]
|
|
||||||
---
|
|
||||||
### Description
|
|
||||||
|
|
||||||
This exploit, CVE-2014-6271, is based on the [logic in NCC group's GitHub](https://github.com/nccgroup/shocker/blob/master/shocker.py).
|
|
||||||
|
|
||||||
> In GNU Bash (through 4.3), processes trailing strings after function definitions in the values of environment variables allow remote attackers to execute arbitrary code via a crafted environment. This is demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients and other situations in which setting the environment occurs across a privilege boundary from Bash execution, AKA "ShellShock."
|
|
Loading…
Reference in New Issue