diff --git a/docs/content/development/_index.md b/docs/content/development/_index.md index 37a5978e7..85b15adcb 100644 --- a/docs/content/development/_index.md +++ b/docs/content/development/_index.md @@ -26,7 +26,7 @@ You can take a look at [our roadmap](https://github.com/guardicore/monkey/projec The best way to find weak spots in a network is by attacking it. The [*Adding Exploits*](./adding-exploits/) page will help you add exploits. -It's important to note that the Infection Monkey must be absolutely reliable. Otherwise, no one will use it, so avoid memory corruption exploits unless they're rock solid and focus on the logical vulns such as Shellshock. +It's important to note that the Infection Monkey must be absolutely reliable. Otherwise, no one will use it, so avoid memory corruption exploits unless they're rock solid and focus on the logical vulns such as Hadoop. ### Analysis plugins 🔬 diff --git a/docs/content/reference/exploiters/shellshock.md b/docs/content/reference/exploiters/shellshock.md deleted file mode 100644 index 20aee282f..000000000 --- a/docs/content/reference/exploiters/shellshock.md +++ /dev/null @@ -1,11 +0,0 @@ ---- -title: "ShellShock" -date: 2020-07-14T08:41:32+03:00 -draft: false -tags: ["exploit", "linux"] ---- -### Description - -This exploit, CVE-2014-6271, is based on the [logic in NCC group's GitHub](https://github.com/nccgroup/shocker/blob/master/shocker.py). - -> In GNU Bash (through 4.3), processes trailing strings after function definitions in the values of environment variables allow remote attackers to execute arbitrary code via a crafted environment. This is demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients and other situations in which setting the environment occurs across a privilege boundary from Bash execution, AKA "ShellShock."