On Sep 30, 2014 3:40 PM, "Georgi Guninski" <[1]guninski@guninski.com>
   wrote:
   >
   > If I had a budget for buying sploits, I would
   > pay much more for shockshell than for HB, might be wrong.

   This is a really good metric. It instantly combines utility with
   potential etc.

   HB obtains you the root password, too. Maybe you have to wait for the
   admin to log in, but still. It also doesn't leave a trace, which is
   neat.

   HB gets you exploits for some very serious competitors. Shellshock only
   for silly competition and, unless they're really silly, requires
   another exploit for root.

   So.. it depends! On too much. For me personally shellshock is an easier
   exploit but heartbleed can be way more fun. Hmm... have to go with
   heartbleed in the end. Real users often use the same password, so
   that'd let me take open wifi users by surprise. If you'd want you can
   take servers, even though it's a tease harder.

References

   1. mailto:guninski@guninski.com