exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 11 of 11 RSS Feed

Files from Stephane Chazelas

First Active2014-09-25
Last Active2024-09-01
Apache Mod_cgi Bash Environment Variable Injection (Shellshock) Scanner
Posted Sep 1, 2024
Authored by Michal Zalewski, wvu, Stephane Chazelas | Site metasploit.com

This Metasploit module scans for the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This Metasploit module targets CGI scripts in the Apache web server by setting the HTTP_USER_AGENT environment variable to a malicious function definition. PROTIP: Use exploit/multi/handler with a PAYLOAD appropriate to your CMD, set ExitOnSession false, run -j, and then run this module to create sessions on vulnerable hosts. Note that this is not the recommended method for obtaining shells. If you require sessions, please use the apache_mod_cgi_bash_env_exec exploit module instead.

tags | exploit, web, shell, cgi, bash
advisories | CVE-2014-6271, CVE-2014-6278
SHA-256 | 87c833264ee49ea156b8462740c64928a943a3c37c5f3d9c388659dfaa1d03a0
CUPS Filter Bash Environment Variable Code Injection
Posted Oct 28, 2014
Authored by Michal Zalewski, Stephane Chazelas | Site metasploit.com

This Metasploit module exploits a post-auth code injection in specially crafted environment variables in Bash, specifically targeting CUPS filters through the PRINTER_INFO and PRINTER_LOCATION variables by default.

tags | exploit, bash
advisories | CVE-2014-6271, CVE-2014-6278
SHA-256 | 5a376a0f4e8be0b42906123abc72f100a271655c6310963fc913fc7504861155
DNS Reverse Lookup Shellshock
Posted Oct 13, 2014
Authored by Dirk-Willem van Gulik, Stephane Chazelas

DNS reverse lookups can be used as a vector of attack for the bash shellshock vulnerability.

tags | exploit, bash
advisories | CVE-2014-3671, CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
SHA-256 | f270585f9a138adfc590970e5d69e843b483a83fdff3980b13aa5bef341cd964
Shellshock Bashed CGI RCE
Posted Oct 3, 2014
Authored by Fady Mohamed Osman, Stephane Chazelas | Site metasploit.com

This Metasploit module exploits the shellshock vulnerability in apache cgi. It allows you to execute any metasploit payload you want.

tags | exploit, cgi
advisories | CVE-2014-6271
SHA-256 | a864c843ce6ef903a561a68316c0959dd2b138cad93a26d0f8f6d85e6d98db5d
Pure-FTPd External Authentication Bash Environment Variable Code Injection
Posted Oct 2, 2014
Authored by Frank Denis, Spencer McIntyre, Stephane Chazelas | Site metasploit.com

This Metasploit module exploits the code injection flaw known as shellshock which leverages specially crafted environment variables in Bash. This exploit specifically targets Pure-FTPd when configured to use an external program for authentication.

tags | exploit, bash
advisories | CVE-2014-6271
SHA-256 | d1353f15ae7ed9aea8cd6b1644f5fbeada6291338684996bc3b3a388a0f3b2ec
Dhclient Bash Environment Variable Injection
Posted Sep 27, 2014
Authored by egypt, Stephane Chazelas | Site metasploit.com

When bash is started with an environment variable that begins with the string "() {", that variable is treated as a function definition and parsed as code. If extra commands are added after the function definition, they will be executed immediately. When dhclient receives an ACK that contains a domain name or hostname, they are passed to configuration scripts as environment variables, allowing us to trigger the bash bug. Because of the length restrictions and unusual networking scenario at time of exploitation, this Metasploit module achieves code execution by echoing our payload into /etc/crontab and cleans it up when we get a shell.

tags | exploit, shell, code execution, bash
advisories | CVE-2014-6271
SHA-256 | 5d7d7b3c51f3ee9f6de8df21a01a41ce128a74b5cdd4be3f7d65a7357f36ed1e
Apache mod_cgi Bash Environment Variable Code Injection
Posted Sep 26, 2014
Authored by juan vazquez, wvu, Stephane Chazelas | Site metasploit.com

This Metasploit module exploits a code injection in specially crafted environment variables in Bash, specifically targeting Apache mod_cgi scripts through the HTTP_USER_AGENT variable.

tags | exploit, bash
advisories | CVE-2014-6271
SHA-256 | bddccc35d3cda611c86307a7ce0074fc7d74f100f9a6dea0b6e39a478138e054
DHCP Client Bash Environment Variable Code Injection
Posted Sep 26, 2014
Authored by Ramon de C Valle, scriptjunkie, Stephane Chazelas | Site metasploit.com

This Metasploit module exploits a code injection in specially crafted environment variables in Bash, specifically targeting dhclient network configuration scripts through the HOSTNAME, DOMAINNAME, and URL DHCP options.

tags | exploit, bash
advisories | CVE-2014-6271
SHA-256 | 79d7a8dc657f6596bbdf6d89daca73b5c6faa99cc6ea47bed9be15fb8d04a23a
Gnu Bash 4.3 CGI Scan Remote Command Injection
Posted Sep 26, 2014
Authored by Claudio Viviani, Stephane Chazelas

Gnu Bash versions 4.3 and below remote command injection exploit that leverages the User-Agent header via vulnerable CGI scripts. Written in Python.

tags | exploit, remote, cgi, python, bash
advisories | CVE-2014-6271, CVE-2014-7169
SHA-256 | 057996be27a48a42909a085ad63607f515c2c4f7a1da1dc7eddd802689cd126c
Mac OS X VMWare Fusion Root Privilege Escalation
Posted Sep 25, 2014
Authored by mubix, joev, Stephane Chazelas, juken | Site metasploit.com

This abuses the bug in bash environment variables (CVE-2014-6271) to get a suid binary inside of VMWare Fusion to launch our payload as root.

tags | exploit, root, bash
advisories | CVE-2014-6271
SHA-256 | f04f53cef923e1ebad417dccfb1f6d01ee754b3ddac0ef16fcb609fa3f055392
bashedCgi Remote Command Execution
Posted Sep 25, 2014
Authored by Shaun Colley, Stephane Chazelas | Site metasploit.com

bashedCgi is a quick and dirty Metasploit module to send the BASH exploit payload (CVE-2014-6271) to CGI scripts that are BASH-based or invoke BASH, to execute an arbitrary shell command.

tags | exploit, arbitrary, shell, cgi, bash
advisories | CVE-2014-6271
SHA-256 | 917183304ff31e505f18d434fcc284d5fe270c928e0cc5e96231c14eabb1aae3
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    69 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close