Shellshock demo set-up and POC

I’m not sure if everyone has been made aware of this, but a BASH vulnerability has been discovered… /sarcasm

OK, seriously, as everyone has heard by now, “Shellshock” is the new hot topic right now. Since I am one who learns by doing, I decided to give it a go, and see exactly how it works. My first instinct was to see how it works against the SSH protocol (CGI write up is coming soon). Now that I see what it actually is, I see that it would take an extraordinary set of circumstances for it to be a viable method of gaining entry (at least through SSH), but should those circumstances be present in your environment, it could be devastating (So make sure you patch everything up!).