Shellshock Attack Lab

Lab Description and Tasks

• Lab Description: Shellshock.pdf
• Lab Setup files: Labsetup.zip

Additional information on the SEED project site.

Additional Tasks

In class we demonstrated a simple method of using Shellshock to cause a Denial of Service attack. sleep is a command in Unix that suspends program execution for a specified time. Having this information, can you demonstrate another Shellshock attack to cause Denial of Service?

Without clicking on any links and using Google, how useful to attackers are the results from searching the term: filetype:cgi inurl:cgi-bin or inurl:/cgi-bin/.cgi?

Grading

Post your report in Marmoset by the scheduled due date in the syllabus. Your grade for this lab will be composed of:

• 30% - Design
• 30% - Observations
• 40% - Explanation
• You are responsible for ensuring your submission and screenshots are legible. Extra Credit if you pursue further investigation, beyond what is required by the lab description.