Advertisement
opexxx

shellshock_tester.sh

Oct 7th, 2014
379
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Bash 2.55 KB | None | 0 0
  1. #!/bin/bash
  2. EXITCODE=0
  3.  
  4. # CVE-2014-6271
  5. CVE20146271=$(env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c "echo test" 2>&1 | grep 'vulnerable' | wc -l)
  6.  
  7. echo -n "CVE-2014-6271 (original shellshock): "
  8. if [ $CVE20146271 -gt 0 ]; then
  9.     echo -e "\033[91mVULNERABLE\033[39m"
  10.     EXITCODE=$((EXITCODE+1))
  11. else
  12.     echo -e "\033[92mnot vulnerable\033[39m"
  13. fi
  14.  
  15. # CVE-2014-6277
  16. CVE20146277=$((bash -c "f() { x() { _;}; x() { _;} <<a; }" 2>/dev/null || echo vulnerable) | grep 'vulnerable' | wc -l)
  17.  
  18. echo -n "CVE-2014-6277 (segfault): "
  19. if [ $CVE20146277 -gt 0 ]; then
  20.     echo -e "\033[91mVULNERABLE\033[39m"
  21.     EXITCODE=$((EXITCODE+2))
  22. else
  23.     echo -e "\033[92mnot vulnerable\033[39m"
  24. fi
  25.  
  26. # CVE-2014-6278
  27. CVE20146278=$(shellshocker='() { echo vulnerable; }' bash -c shellshocker 2>/dev/null | grep 'vulnerable' | wc -l)
  28.  
  29. echo -n "CVE-2014-6278 (Florian's patch): "
  30. if [ $CVE20146278 -gt 0 ]; then
  31.     echo -e "\033[91mVULNERABLE\033[39m"
  32.     EXITCODE=$((EXITCODE+4))
  33. else
  34.     echo -e "\033[92mnot vulnerable\033[39m"
  35. fi
  36.  
  37. # CVE-2014-7169
  38. CVE20147169=$((cd /tmp; rm -f /tmp/echo; env X='() { (a)=>\' bash -c "echo echo nonvuln" 2>/dev/null; [[ "$(cat echo 2> /dev/null)" == "nonvuln" ]] && echo "vulnerable" 2> /dev/null) | grep 'vulnerable' | wc -l)
  39.  
  40. echo -n "CVE-2014-7169 (taviso bug): "
  41. if [ $CVE20147169 -gt 0 ]; then
  42.     echo -e "\033[91mVULNERABLE\033[39m"
  43.     EXITCODE=$((EXITCODE+8))
  44. else
  45.     echo -e "\033[92mnot vulnerable\033[39m"
  46. fi
  47.  
  48. # CVE-2014-7186
  49. CVE20147186=$((bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF' 2>/dev/null || echo "vulnerable") | grep 'vulnerable' | wc -l)
  50.  
  51. echo -n "CVE-2014-7186 (redir_stack bug): "
  52. if [ $CVE20147186 -gt 0 ]; then
  53.     echo -e "\033[91mVULNERABLE\033[39m"
  54.     EXITCODE=$((EXITCODE+16))
  55. else
  56.     echo -e "\033[92mnot vulnerable\033[39m"
  57. fi
  58.  
  59. # CVE-2014-7187
  60. CVE20147187=$(((for x in {1..200}; do echo "for x$x in ; do :"; done; for x in {1..200}; do echo done; done) | bash || echo "vulnerable") | grep 'vulnerable' | wc -l)
  61.  
  62. echo -n "CVE-2014-7187 (nested loops off by one): "
  63. if [ $CVE20147187 -gt 0 ]; then
  64.     echo -e "\033[91mVULNERABLE\033[39m"
  65.     EXITCODE=$((EXITCODE+32))
  66. else
  67.     echo -e "\033[92mnot vulnerable\033[39m"
  68. fi
  69.  
  70. # CVE-2014-////
  71. CVE2014=$(env X=' () { }; echo vulnerable' bash -c 'date' | grep 'hello' | wc -l)
  72.  
  73. echo -n "CVE-2014-//// (exploit 3 on http://shellshocker.net/): "
  74. if [ $CVE2014 -gt 0 ]; then
  75.     echo -e "\033[91mVULNERABLE\033[39m"
  76.     EXITCODE=$((EXITCODE+64))
  77. else
  78.     echo -e "\033[92mnot vulnerable\033[39m"
  79. fi
  80.  
  81. exit $EXITCODE
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement