j1n6/shellshock.sh

## shellshock.sh
#!/bin/bash

# Check your release, none LTS need to apply this script
# lsb_release -a

cd /tmp && mkdir src && cd src
wget http://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz

#download all patches
for i in $(seq -f "%03g" 0 27); do wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-$i; done
tar zxvf bash-4.3.tar.gz && cd bash-4.3

# apply all patches
for i in $(seq -f "%03g" 0 27);do patch -p0 < ../bash43-$i; done

# Build and install
# The installation is placed at /usr/local/bin/bash
./configure && make && sudo make install
cd /tmp
rm -r src

# Add /usr/local/bin/bash
# To /etc/shells
echo '/usr/local/bin/bash' >> /etc/shells

# change shell for ubuntu
sudo chsh -s /usr/local/bin/bash ubuntu

# gzip old bash for backup
sudo gzip /bin/bash
sudo mv /bin/bash.gz /bin/bash-old.gz
sudo ln -s /usr/local/bin/bash /bin/bash

# change shell for ubuntu
sudo chsh -s /bin/bash ubuntu


## still vulnerable?
env x='() { :;}; echo vulnerable' bash -c 'echo hello'
	#!/bin/bash

	# Check your release, none LTS need to apply this script
	# lsb_release -a

	cd /tmp && mkdir src && cd src
	wget http://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz

	#download all patches
	for i in $(seq -f "%03g" 0 27); do wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-$i; done
	tar zxvf bash-4.3.tar.gz && cd bash-4.3

	# apply all patches
	for i in $(seq -f "%03g" 0 27);do patch -p0 < ../bash43-$i; done

	# Build and install
	# The installation is placed at /usr/local/bin/bash
	./configure && make && sudo make install
	cd /tmp
	rm -r src

	# Add /usr/local/bin/bash
	# To /etc/shells
	echo '/usr/local/bin/bash' >> /etc/shells

	# change shell for ubuntu
	sudo chsh -s /usr/local/bin/bash ubuntu

	# gzip old bash for backup
	sudo gzip /bin/bash
	sudo mv /bin/bash.gz /bin/bash-old.gz
	sudo ln -s /usr/local/bin/bash /bin/bash

	# change shell for ubuntu
	sudo chsh -s /bin/bash ubuntu


	## still vulnerable?
	env x='() { :;}; echo vulnerable' bash -c 'echo hello'