You must to find details of shellshock attacks
Log file: https://app.letsdefend.io/download/downloadfile/shellshock.zip
Note: pcap file found public resources.
Download the pcap file and filter out with HTTP.
Follow the HTTP request that has the 500 Internal Server Error. Errors often showcases information.
What is the server operating system?
Follow the stream of the HTTP and you will notice the server version in the address and the input used by the attacker once shellshock exploit is loaded.
What is the application server and version running on the target system?
What is the exact command that the attacker wants to run on the target server?
Leave a Reply