ShellShock Attack Demonstration

Views: 58,847

quidsup

Comments: 43
@stewved 10 years ago
Using a BASH vulnerability, which was patched within days, on a purposefully un-updated Linux system, to KILL a Windows system, by using an old, known, and as yet unpatched Windows vulnerability :D Very well done, Quids :)
@x-p-h-i-l-e 10 years ago
I still can't believe this has been around for like 20 years... Madness I say.
@iburley_ 10 years ago
Great video. I particularly like your blow to Flash, cracked me up pretty good.
@RaveYoda 10 years ago
I don't recall if it was you or another youtuber who enlightened me to this trick, but, I liked how you used the IPv6 exploit to kill the Win Machine. I heard about that windows flaw some time back and I laughed. MSoft's reply to the vulnerability was "We don't care." XD Goo MSoft not caring.
@quidsup 10 years ago
It might have been me, I did a video on it a couple of years or so ago before Windows 8 was released.
@RaveYoda 10 years ago
***** Either way, kudos on the display. =] I hope more people take notice of that flaw.
@tostoday 10 years ago
Shell Shock Attack - sounds like a cool Linux game :)
@HigherPlanes 10 years ago
Good stuff man. Just shows that people's minds are more vulnerable than their computers.
@alcesmir 10 years ago
***** I'm a bit confused about this one. The exact way you use here already requires access to a shell on the machine (which means you more or less have control of the box already). And even ignoring that, I don't see the reason of actually using the exploit here. It doesn't seem to be necessary. I suppose a real attack would try to use the exploit to push the two lines of code (the mknod and the netcat line) for the reverse shell through http requests or something (if you wanted to attack a web server)? That would warrant the use of the exploit and would actually make sense (in my head). Oh, and the code on your website seems a bit off, the netcat line seems to have lost most content (probably due to being treated weirdly or something, I guess).
@markgraziano1201 8 years ago
My thoughts exactly. If you already have a shell on a machine that's behind the firewall to perform the second half of the netcat initiation... what's the exploit? Maybe I'm confused...
@shortcutDJ 10 years ago
I loved your XBMC videos... but this video made me want to hit the subscribe button. Seems like you upgraded your camera... looking sharp, brother. Keep up the good work. Cheerio from Belgium. Subbed.
@CyberiadPhoenix 10 years ago
A patch was released that makes it ignore any commands given through this attack
@klikkolee 10 years ago
I am having difficulties understanding where the shellshock bug really makes a difference. Under what circumstances would the code not run in the first place?
@ohdung 10 years ago
I rather liked this video and how you demoed how the exploit can be used against Windows machines as well.
@atarixle 9 years ago
I still don't get the difference between sending the command via shell shock and sending them directly. Can you demo this or explain? Somehow I don't see a reason why you can't just type the attacking command without a function declaration at the beginning. You already have the shell access.
@ClawSpike 10 years ago
Your Windows hatred runs deeply. You took a Linux vulnerability and used it to down a Windows machine. I still liked the video.
@tostoday 10 years ago
Lol, Quids is cool.
@joelevi8531 10 years ago
Thank you for the video, but I have to admit, at 2:08 you type in a username and password to gain access. This is the equivalent of me making a video on how to physically break into a bank, and the first thing I say is "First, you just need to walk into the bank, past the guard, and then punch the combination into the vault door. OK, now that we are in, I can perform these other actions" - I think there is something to be said for the username / password for the unit still being a huge hurdle for most attackers.
@tim8190 8 years ago
u said its on 100% forever rly or just till reboot / atk stops
@mariusa5754 8 years ago
Have Microsoft fixed the IPv6 exploit? Can you turn off IPv6 in Windows to stop the attack? Does anything actually use IPv6 yet?
@rusticpineapple787 8 years ago
Time to test this on my school website >:D
@austinmurphy9074 5 years ago
It's been 3 years, have u been arrested yet?
@KarnKaul 10 years ago
This was amazing!
@psychotheo 9 years ago
***** what processor do you have and how much ram?
@danielrobinson2281 10 years ago
Song at the end?
@JackMorgan873 10 years ago
Darude - Sandstorm
@danielrobinson2281 10 years ago
Lol found out n e way
@Kxshou 10 years ago
***** *any
@JackMorgan873 10 years ago
N e*
@shafnet 10 years ago
Phase one: CVE-2014-6271. Phase two: CVE-2014-7186 + CVE-2014-7187. Keep patching, folks, as the first patch is not enough. If in doubt due to the lag in releases (Debian, RHEL, CentOS) you can patch manually using this neat script as an example: dmsimard.com/2014/09/25/the-bash-cve-2014-6271-shellshock-vulnerability/
@funkeypigeon 10 years ago
I've never actually seen someone who uses Linux before... looks ok
@steveokinevo 10 years ago
Ya know what bugs me is all these tw*ts posting on quids videos talking about his hatred for windows. Give it up, no need to slate the man. He is a network master, and is clearly showing the implications this type of attack could have against a windows system on a network. From a security standpoint linux will always have the edge over windows. Upon release of the bug in bash it has been patched. The joys of the open source world.
@blackneos940 9 years ago
I LOVE Bubblemon and the Ghost Theme..... :3 Oh, hey, I commented something like that 6 MONTHS ago..... :) High past self!!..... ^^
@thingyee1118 10 years ago
Awesome quids. Can I contact you privately? Do you have an email or something? Yeah, don't sweat this shellshock too much. There are lots of other flaws that are not known. Lazy programmers. Oh well, let's make it public.
@shafnet 10 years ago
BTW You should have demonstrated a cgi script as an attack vector instead as an instant analyst's password is as good as gold for instant NOPASSWD sudo
@EdwinPallens 10 years ago
Thank you for the breakdown. I get a better picture now of why they're talking about.
@KDGNOR 10 years ago
so u going from now on make hacking videos? :P
@raulserrano351 10 years ago
I can sense the NSA......outside...... as I watch this.
@quidsup 10 years ago
Raul Serrano Probably sat there cursing that a bug they've been exploiting for years no longer works
@hoobadydoo4797 10 years ago
how the fuck did i end up here? i was watching static-x videos..
@blackneos940 10 years ago
Heyyy..... :D I've got Bubblemon TOO..... :D LOVE that 'lil Bubble..... :3
@ScarletRed. 10 years ago
Just received another bash update while watching lol