The Shellshock vulnerability (CVE-2014-6271) allows attackers to execute arbitrary commands via crafted environment variables in Bash. In this example, the malicious command cat /etc/passwd is executed, displaying the contents of the file (which contains system user account info).
Reference – CEH v13 Official Study Guide:
Module 6: Malware Threats
Quote:
“Shellshock allows remote code execution through environment variables processed by Bash. Exploits can be used to run commands like cat /etc/passwd on a vulnerable system.”
Incorrect Options:
A. No file deletion occurs.
B. It doesn’t change passwords.
C. No user addition occurs.
===========
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit