We first check the version of bash running on our system. Then, we run the well-known code to confirm if shellshock vulnerability exists.

To understand how shellshock vulnerability works, we create a variable in bash and then try to export it to the child shell and execute it there. Next, we try to create another variable and assign its value as '() { echo 'shellshock';}'. After doing this, when we export this variable to a child shell and execute it there, we can see that it gets interpreted as a function and executes the body of the function.

This is what makes bash vulnerable to shellshock, where specially crafted variables can be used to run any command in bash when it is launched.