Noel's Cyberkshetra Blogspace

ShellShock Attack: Let’s Defend Challenge

Shellshock attack evidence analysis


Last updated 3 years ago

Hello, blue teamers. Today I am going to try my hand at another short and easy blue team exercise from Let's Defend, titled Shellshock Attack.

Let's go for it!

NOTE: Always remember to investigate Let's Defend challenges on a VM, never on your host machine.

Gist of the challenge

You must find the details of a Shellshock attack in the supplied capture.

Note: the pcap file was found in public resources.

Log file: https://app.letsdefend.io/download/downloadfile/shellshock.zip (Pass: 321)

What is the Shellshock Vulnerability?

Quoting Wikipedia, Shellshock, also known as Bashdoor, is a family of security bugs in the Unix Bash shell, disclosed on 24 September 2014. Shellshock could enable an attacker to cause Bash to execute arbitrary commands and gain unauthorized access to many Internet-facing services, such as web servers, that use Bash to process requests.

The root cause is that vulnerable Bash kept parsing past the end of a function definition stored in an environment variable, so any request header that a CGI script exports into the environment (User-Agent is the usual one) can smuggle a command after a `() { :; };` prefix, and Bash runs it when the CGI handler starts.

In fact, Vulnhub has a boot2root VM called Troll2, which is based upon the same vulnerability.

Challenge Questions

Q) What is the server operating system?

Analyzing the HTTP packets gives this answer (remember to expand the HTTP layer). The Server response header carries it: Apache as packaged by Ubuntu appends the distribution name in parentheses after the version.

A) Ubuntu

Q) What is the application server and version running on the target system?

Analyzing the HTTP packet carrying the 500 Internal Server Error response gives us our answer, again from its Server header.

A) Apache/2.2.22

Q) What is the exact command that the attacker wants to run on the target server?

The command sits in the malicious request header, immediately after the Shellshock trigger (a header value beginning with `() {`); everything after the closing brace and semicolon is what Bash would execute. A single ping to an attacker-chosen host is a classic blind check: the attacker confirms code execution by watching for the ICMP echo rather than relying on the HTTP response.

A) /bin/ping -c1 10.246.50.2
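To make the three answers reproducible without clicking through Wireshark, here is an added Python example (not part of the original write-up or of the Let's Defend challenge) that scans raw HTTP request and response text for the Shellshock trigger, pulls out the injected command from whichever header carries it, and splits the Server header into server version and OS. The sample request and response are constructed for illustration: the User-Agent payload and the Server banner mirror the values found above, while the path /cgi-bin/status, the Host value 10.246.50.5 and the Date header are assumptions.

```python
import re
from typing import Optional

# Constructed sample traffic for illustration (not packets from the challenge pcap).
# The User-Agent payload and the Server banner mirror the values the walkthrough
# found; the request path, the Host value 10.246.50.5 and the Date header are assumptions.
SAMPLE_REQUEST = (
    "GET /cgi-bin/status HTTP/1.1\r\n"
    "Host: 10.246.50.5\r\n"
    "User-Agent: () { :; }; /bin/ping -c1 10.246.50.2\r\n"
    "Accept: */*\r\n"
    "\r\n"
)
SAMPLE_RESPONSE = (
    "HTTP/1.1 500 Internal Server Error\r\n"
    "Date: Thu, 25 Sep 2014 10:00:00 GMT\r\n"
    "Server: Apache/2.2.22 (Ubuntu)\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)
BENIGN_REQUEST = (
    "GET / HTTP/1.1\r\n"
    "Host: 10.246.50.5\r\n"
    "User-Agent: Mozilla/5.0\r\n"
    "\r\n"
)

# CVE-2014-6271 trigger: a value that opens with an empty function definition
# "() { ... }" and then carries more text; vulnerable Bash kept parsing past the
# closing brace and executed whatever followed the semicolon.
SHELLSHOCK_RE = re.compile(r"\(\)\s*\{[^}]*\}\s*;\s*(?P<cmd>.+)$")


def parse_headers(raw: str) -> dict[str, str]:
    """Return the headers of one raw HTTP message as a lower-cased name -> value dict."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers: dict[str, str] = {}
    for line in head.split("\r\n")[1:]:  # skip the request/status line
        if ":" in line:
            name, value = line.split(":", 1)  # split on the first colon only
            headers[name.strip().lower()] = value.strip()
    return headers


def find_shellshock(raw_request: str) -> Optional[dict[str, str]]:
    """Return {'header': name, 'command': cmd} for the first header carrying a
    Shellshock payload, or None. Every header is checked, not only User-Agent,
    because CGI exports them all into the environment."""
    for name, value in parse_headers(raw_request).items():
        match = SHELLSHOCK_RE.search(value)
        if match:
            return {"header": name, "command": match.group("cmd").strip()}
    return None


def server_banner(raw_response: str) -> tuple[str, str]:
    """Split a Server header such as 'Apache/2.2.22 (Ubuntu)' into
    (server_and_version, os); missing parts come back as empty strings."""
    banner = parse_headers(raw_response).get("server", "")
    match = re.match(r"(?P<server>\S+)(?:\s*\((?P<os>[^)]+)\))?", banner)
    if not match:
        return "", ""
    return match.group("server"), match.group("os") or ""


if __name__ == "__main__":
    print("probe:", find_shellshock(SAMPLE_REQUEST))
    print("benign:", find_shellshock(BENIGN_REQUEST))
    print("server, os:", server_banner(SAMPLE_RESPONSE))
```

Applied to the real capture, the same logic runs over the reassembled HTTP text that Wireshark or tshark exports. In Wireshark itself, the display filter `http contains "() {"` finds the probe whatever header it rode in, which matters because CGI exports User-Agent, Referer, Cookie and the rest into Bash's environment alike; filtering only on `http.user_agent` would miss a payload placed elsewhere.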

Conclusion

This challenge was a breeze!

Thank you for reading this entry. Stay tuned, as I try to close down some more SOC alerts....

Your opinion matters

My audience has a voice. Feel free to reach out to me on my socials (links are at the top of this page) for any queries to be addressed. Dropping a sweet message would make my day.

Let your opinion about this write-up be known by selecting any one of the emojis below!
