Using a BASH vunerability, which was patched within days, on a purposefuly un-updated Linux system, to KILL a Windows system, by using an old, known, and as yet unpatched Windows vunerability :D Very well done, Quids :)
@x-p-h-i-l-e10 жыл бұрын
I still can't believe this has been around for like 20 years... Madness I say.
@iburley_10 жыл бұрын
Great video. I particularly like your blow to Flash, cracked me up pretty good.
@RaveYoda10 жыл бұрын
I don't recall if it was you or another youtuber who enlightened me to this trick, but, I liked how you used the IPv6 exploit to kill the Win Machine. I heard about that windows flaw some time back and I laughed. MSoft's reply to the vulnerability was "We don't care." XD Goo MSoft not caring.
@quidsup10 жыл бұрын
It might have been me, I did a video on it a couple of years or so ago before Windows 8 was released.
@RaveYoda10 жыл бұрын
***** Ether way, kudos on the display. =] I hope more people take notice of that flaw.
@tostoday10 жыл бұрын
Shell Shock Attack - sounds like a cool Linux game :)
@HigherPlanes10 жыл бұрын
Good stuff man. Just shows that people's minds are more vulnerable than their computers.
@alcesmir10 жыл бұрын
***** I'm a bit confused about this one. The exact way you use here already requires access to a shell on the machine (which means you more or less have control of the box already). And even ignoring that, I don't see the reason of actually using the exploit here. It doesn't seem to be necessary. I suppose a real attack would try to use the exploit to push the two lines of code (the mknod and the netcat line) for the reverse shell through http requests or something (if you wanted to attack a web server)? That would warrant the use of the exploit and would actually make sense (in my head). Oh, and the code on your website seems a bit off, the netcat line seem to have lost most content (probably due to being treated weirdly or something, I guess).
@markgraziano12018 жыл бұрын
my thoughts exactly. If you already have a shell on a machine that's behind the firewall to perform the second half of the netcat initiation...what's the exploit? Maybe I'm confused...
@shortcutDJ10 жыл бұрын
i loved your xbmc video's... but this video made want to hit the subscribe button. seems like you upgraded your camera... looking sharp brother. keep up the good work. cheerio from Belgium. subbed.
@CyberiadPhoenix10 жыл бұрын
a patch was release that makes it ignore any commands given through this attack
@klikkolee10 жыл бұрын
I am having difficulties understanding were the shellshock bug really makes a difference. under what circumstances would the code not run in the first place?
@ohdung10 жыл бұрын
I rather liked this video and how you demoed how the exploit can be used against Windows machines as well.
@atarixle9 жыл бұрын
I still don't get the difference between sending the command via shell shock and sending them directly. Can you demo this or explain? Somehow I don't see a reason why you can't just type the attacing command without a function declaration at the beginning. You already have the shell access.
@ClawSpike10 жыл бұрын
your Windows hatred runs deeply. You took a Linux vulnerability and used it to down a Windows machine. I still liked the video.
@tostoday10 жыл бұрын
Lol, Quids is cool.
@joelevi853110 жыл бұрын
Thank you for the video, but I have to admit, at 2:08 you type in a username and password to gain access. This is the equivalent of me making a video on how to physically break into a bank, and the first thing I say is "First, you just need to walk into the bank, past the guard, and then punch the combination into the vault door. OK, now that we are in, I can perform these other actions" - I think there is something to be said for the username / password for the unit still being a huge hurdle for most attackers.
@tim81908 жыл бұрын
u said its on 100% forever rly or just till reboot / atk stops
@mariusa57548 жыл бұрын
Have Microsoft fixed the IPv6 exploit? Can you turn off IPv6 in Windows to stop the attack? Does anything actually use IPv6 yet?
@rusticpineapple7878 жыл бұрын
Time to test this on my school website >:D
@austinmurphy90745 жыл бұрын
its been 3 years, have u been arrested yet?
@KarnKaul10 жыл бұрын
This was amazing!
@psychotheo9 жыл бұрын
***** what processor do you have and how much ram?
@danielrobinson228110 жыл бұрын
Song at the end?
@JackMorgan87310 жыл бұрын
Darude - Sandstorm
@danielrobinson228110 жыл бұрын
Lol found out n e way
@Kxshou10 жыл бұрын
***** *any
@JackMorgan87310 жыл бұрын
N e*
@shafnet10 жыл бұрын
Phase one : CVE-2014-6271 Phase two : CVE-2014-7186 + CVE-2014-7187 Keep patching folks as the first patch is not enough If in doubt due to the lag in releases (debian, RHEL CentOS) you can patch manually using this neat script as an example dmsimard.com/2014/09/25/the-bash-cve-2014-6271-shellshock-vulnerability/
@funkeypigeon10 жыл бұрын
ive never actually seen someone who uses Linux before... looks ok
@steveokinevo10 жыл бұрын
Ya know what bugs me is all these tw*ts posting on quids videos talking about his hatred for windows. Give it up, no need to slate the man. He is a network master, and is clearly showing the implications this type of attack could have against a windows system on a network. From a security standpoint linux will always have the edge over windows. Upon release of the bug in bash it has been patched. The joys of the open source world.
@blackneos9409 жыл бұрын
I LOVE Bubblemon and the Ghost Theme..... :3 Oh, hey, I commented something like that 6 MONTHS ago..... :) High past self!!..... ^^
@thingyee111810 жыл бұрын
Awesome quids. Can I contact you privately? Do you have a email or something. Yeah dont sweat this shellshock too much. There are lots of other flaws that are not known. Lazy programmers. Oh well lets make it public.
@shafnet10 жыл бұрын
BTW You should have demonstrated a cgi script as an attack vector instead as an instant analyst's password is as good as gold for instant NOPASSWD sudo
@EdwinPallens10 жыл бұрын
thank you for the brake down I get a better picture know of why they talking about.
@KDGNOR10 жыл бұрын
so u going from now on make hacking videos? :P
@raulserrano35110 жыл бұрын
I can sense the NSA......outside...... as I watch this.
@quidsup10 жыл бұрын
Raul Serrano Probably sat there cursing that a bug they've been exploiting for years no longer works
@hoobadydoo479710 жыл бұрын
how the fuck did i end up here? i was watching static-x videos..
@blackneos94010 жыл бұрын
Heyyy..... :D I've got Bubblemon TOO..... :D LOVE that 'lil Bubble..... :3
@ScarletRed.10 жыл бұрын
Just received another bash update while watching lol