Shellshock checking

Moving away from the standard style of attacks against web servers, we're going to quickly look at Shellshock, a vulnerability that allowed attackers to make shell commands through specific headers. This vulnerability reared its head in 2014 and gained momentum quickly as one of the biggest vulnerabilities of the year. While it has now been mostly fixed, it's a good example of how web servers can be manipulated to perform more complex attacks and are likely to be a frequent target in common transfer files (CTFs) for years to come.

We will create a script that pulls down the headers of a page, identifies whether the vulnerable headers are present, and submits an example payload to that header. This script relies on external ...

Get Python: Penetration Testing for Developers now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.