PrepAway - Latest Free Exam Questions & Answers

env x=`(){ :;};echo exploit` bash -c cat /etc/passwd

What is the Shellshock bash vulnerability attempting to do on a vulnerable Linux host?

A. Display passwd content to prompt

B. Removes the passwd file

C. Changes all passwords in passwd

D. Add new user to the passwd file

To extract private information, attackers are using a couple of techniques. The simplest extraction attacks are in the form:

() {:;}; /bin/cat /etc/passwd

That reads the password file /etc/passwd, and adds it to the response from the web server. So an attacker injecting this code through the Shellshock vulnerability would see the password file dumped out onto their screen as part of the web page returned.
