{"id":257,"date":"2014-09-26T00:42:18","date_gmt":"2014-09-25T15:42:18","guid":{"rendered":"http:\/\/emeth.jp\/diary\/?p=257"},"modified":"2020-09-14T02:08:40","modified_gmt":"2020-09-13T17:08:40","slug":"shellshock","status":"publish","type":"post","link":"https:\/\/emeth.jp\/diary\/2014\/09\/shellshock\/","title":{"rendered":"bash\u306e\u8106\u5f31\u6027\u3092\u7a81\u304f\u30a2\u30af\u30bb\u30b9"},"content":{"rendered":"<p>bash\u306e\u8106\u5f31\u6027\u304c\u8a71\u984c\u3067\u3059\u3002<br \/>\n<a href=\"http:\/\/d.hatena.ne.jp\/Kango\/20140925\/1411612246\">bash\u306e\u8106\u5f31\u6027(CVE-2014-6271) #ShellShock \u306e\u95a2\u9023\u30ea\u30f3\u30af\u3092\u307e\u3068\u3081\u3066\u307f\u305f &#8211; piyolog<\/a><\/p>\n<p>\u3046\u3061\u306b\u653b\u6483\u304c\u6765\u3066\u306a\u3044\u304b\u3069\u3046\u304baccess.log\u3092grep\u3057\u3066\u307f\u305f\u3002<!--more--><\/p>\n<pre><pre class=\"brush: plain; highlight: [1]; title: ; notranslate\" title=\"\">\ntkito@sakura:\/var\/log\/apache2$ grep &quot;()&quot; access.log\n209.126.230.72 - - &#x5B;25\/Sep\/2014:09:13:47 +0900] &quot;GET \/ HTTP\/1.0&quot; 200 929 &quot;() { :; }; ping -c 11 209.126.230.74&quot; &quot;shellshock-scan (http:\/\/blog.erratasec.com\/2014\/09\/bash-shellshock-scan-of-internet.html)&quot;\nxx.xx.xx.xx - - &#x5B;25\/Sep\/2014:17:45:57 +0900] &quot;GET \/cgi-sys\/defaultwebpage.cgi HTTP\/1.0&quot; 404 508 &quot;-&quot; &quot;() { :;}; \/bin\/ping -c 1 198.101.206.138&quot;\n<\/pre>\n<p>\u3053\u3093\u306a\u611f\u3058\u3002<br \/>\n\u3046\u3061\u306f\u5143\u3005\u306e\u30a2\u30af\u30bb\u30b9\u6570\u3082\u5c11\u306a\u3044\u30b5\u30a4\u30c8\u306a\u306e\u3067\u73fe\u72b6\u3053\u306e\u7a0b\u5ea6\u3002<\/p>\n<p>1\u884c\u76ee\u306fErrata Security\u306b\u3088\u308b<a href=\"http:\/\/blog.erratasec.com\/2014\/09\/bash-shellshock-scan-of-internet.html\">shellshock-scan<\/a>\u3067\u3042\u308b\u3002<br \/>\n\u30a2\u30af\u30bb\u30b9\u5143IP\u3001ping\u5148IP\u5171\u306bErrata Security\u306eIP\u30a2\u30c9\u30ec\u30b9\u3067\u3042\u308a\u3001\u554f\u984c\u306e\u3042\u308b\u30a2\u30af\u30bb\u30b9\u3067\u306f\u306a\u3044\u3002<\/p>\n<p>2\u884c\u76ee\u306f\u3001\u6050\u3089\u304f\u5584\u610f\u3067\u306f\u306a\u304f\u8106\u5f31\u306a\u30b5\u30fc\u30d3\u30b9\u3092\u63a2\u7d22\u3059\u308b\u30b9\u30ad\u30e3\u30f3\u3060\u3068\u601d\u308f\u308c\u308b\u3002<br \/>\n\u30a2\u30af\u30bb\u30b9\u5143\u306f\u30aa\u30e9\u30f3\u30c0\u306eIP\u3001ping\u5148\u306f\u30af\u30e9\u30a6\u30c9\u30b5\u30fc\u30d3\u30b9\u306eIP\u3067\u3042\u308a\u3001\u5b9f\u65bd\u8005\u306e\u8a73\u7d30\u306f\u4e0d\u660e\u3002<br \/>\nGET\u5bfe\u8c61\u306e\u30d1\u30b9\u3092\u8abf\u3079\u305f\u3068\u3053\u308d\u3001<a href=\"http:\/\/cpanel.net\/\">cPanel\u3068\u3044\u3046\u30b5\u30fc\u30d0\u7ba1\u7406\u30bd\u30d5\u30c8<\/a>\u3067\u4f7f\u308f\u308c\u308b\u3082\u306e\u3089\u3057\u3044\u3002<br \/>\n\u3044\u304b\u306b\u3082\u5185\u90e8\u3067system\u95a2\u6570\u306a\u308a\u3067\u30b3\u30de\u30f3\u30c9\u767a\u884c\u3057\u3066\u305d\u3046\u306a\u30bd\u30d5\u30c8\u3067\u3042\u308b\u3002<\/p>\n<h2>\u6ce8\u610f<\/h2>\n<p>\u3046\u3061\u306e\u5834\u5408grep\u3057\u3066\u308f\u304b\u3063\u305f\u306e\u306f\u4e0a\u8a18\u306e2\u4ef6\u3060\u3051\u3060\u304c\u3001\u305d\u308c\u3067\u5168\u3066\u3060\u3068\u601d\u3063\u3066\u306f\u3044\u3051\u306a\u3044\u3002<br \/>\n<a href=\"http:\/\/blog.erratasec.com\/2014\/09\/bash-shellshock-scan-of-internet.html\">shellshock-scan<\/a>\u306e\u30d6\u30ed\u30b0\u3092\u898b\u308b\u3068\u3001\u30ea\u30af\u30a8\u30b9\u30c8\u30d8\u30c3\u30c0\u306e\u3046\u3061Cookie\u3068Host\u3068Referer\u306b\u30b3\u30fc\u30c9\u3092\u5165\u308c\u3066\u3044\u3066\u3001\u5b9f\u969b\u306b\u30a2\u30af\u30bb\u30b9\u30ed\u30b0\u306b\u6b8b\u3063\u3066\u3044\u308b\u306e\u306fReferer\u306e\u307f\u3067\u3042\u3063\u305f\u3002<br \/>\n\u5f53\u30b5\u30fc\u30d0\u306e\u30ed\u30b0\u306fcombined\u3067\u6b8b\u3059\u3088\u3046\u306b\u306a\u3063\u3066\u3044\u308b\uff08\u30c7\u30d5\u30a9\u30eb\u30c8\u306e\u307e\u307e\uff09\u304c\u3001Cookie\u3068Host\u306f\u30a2\u30af\u30bb\u30b9\u30ed\u30b0\u306b\u306f\u6b8b\u3063\u3066\u3044\u306a\u3044\u3002<br \/>\n\u4ed6\u306b\u3082\u30c7\u30d5\u30a9\u30eb\u30c8\u3067\u30ed\u30b0\u306b\u6b8b\u3089\u306a\u3044\u30d8\u30c3\u30c0\u306f\u3042\u308b\uff08Accept-Encoding\u306a\u3069\uff09\u306e\u3067\u3001\u30ed\u30b0\u306b\u6b8b\u3063\u3066\u306a\u304b\u3063\u305f\u304b\u3089\u3068\u3044\u3063\u3066\u653b\u6483\u304c\u306a\u304b\u3063\u305f\u3068\u3044\u3046\u308f\u3051\u3067\u306f\u306a\u3044\u3002<br \/>\n\u81ea\u5206\u304c\u653b\u6483\u8005\u306a\u3089\u3067\u304d\u308b\u3060\u3051\u30ed\u30b0\u306b\u6b8b\u3089\u306a\u3044\u65b9\u6cd5\u3067\u30b9\u30ad\u30e3\u30f3\u3092\u884c\u3046\u3002<br \/>\n\u6c17\u3065\u304b\u306a\u3044\u3046\u3061\u306b\u30d0\u30c3\u30af\u30c9\u30a2\u304c\u4ed5\u639b\u3051\u3089\u308c\u3066\u3044\u308b\u304b\u3082\u3057\u308c\u306a\u3044\u306e\u3060\u3002<br \/>\n\u5371\u967a\u306aCGI\u306a\u3069\u3092\u8a2d\u7f6e\u3057\u3066\u3044\u305f\u30b5\u30fc\u30d0\u306f\u5165\u5ff5\u306a\u8abf\u67fb\u304c\u5fc5\u8981\u3060\u3068\u601d\u308f\u308c\u308b\u3002<br \/>\n\uff08\u203b\u672c\u5f53\u306b\u75d5\u8de1\u6b8b\u3055\u305a\u306b\u653b\u6483\u304c\u53ef\u80fd\u304b\u3069\u3046\u304b\u306f\u6642\u9593\u304c\u306a\u304f\u3066\u691c\u8a3c\u3057\u3066\u306a\u3044\uff09<\/p>\n","protected":false},"excerpt":{"rendered":"<p>bash\u306e\u8106\u5f31\u6027\u304c\u8a71\u984c\u3067\u3059\u3002 bash\u306e\u8106\u5f31\u6027(CVE-2014-6271) #ShellShock \u306e\u95a2\u9023\u30ea\u30f3\u30af\u3092\u307e\u3068\u3081\u3066\u307f\u305f &#8211; piyolog \u3046\u3061\u306b\u653b\u6483\u304c\u6765\u3066\u306a\u3044\u304b\u3069\u3046\u304baccess.log\u3092grep [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"cybocfi_hide_featured_image":"","footnotes":""},"categories":[1],"tags":[],"class_list":["post-257","post","type-post","status-publish","format-standard","hentry","category-1"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/emeth.jp\/diary\/wp-json\/wp\/v2\/posts\/257","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/emeth.jp\/diary\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/emeth.jp\/diary\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/emeth.jp\/diary\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/emeth.jp\/diary\/wp-json\/wp\/v2\/comments?post=257"}],"version-history":[{"count":9,"href":"https:\/\/emeth.jp\/diary\/wp-json\/wp\/v2\/posts\/257\/revisions"}],"predecessor-version":[{"id":570,"href":"https:\/\/emeth.jp\/diary\/wp-json\/wp\/v2\/posts\/257\/revisions\/570"}],"wp:attachment":[{"href":"https:\/\/emeth.jp\/diary\/wp-json\/wp\/v2\/media?parent=257"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/emeth.jp\/diary\/wp-json\/wp\/v2\/categories?post=257"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/emeth.jp\/diary\/wp-json\/wp\/v2\/tags?post=257"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}