🔬Bash
Lab 1
Target IP: 192.173.104.3
Bash Exploitation - CVE-2014-6071
Enumeration
Check the website via a browser:
http://192.173.104.3/
View Page Source
http://192.173.104.3/gettime.cgi
The gettime.cgi script can be utilized as the attack vector.
Check if the server is vulnerable to ShellShock
Manual Exploitation
To inject special characters into the User-Agent HTTP header, Burp Suite can be used.
Configure FoxyProxy on Firefox, click on Burp Suite in FoxyProxy and run Burp Suite
Inside the Proxy menu, turn Intercept On
Reload the /gettime.cgi webpage in Firefox and intercept the response in Burp Suite
Send the request to the Repeater
Replace the User-Agent: value with characters:
Send the request and check the Response
📌 The target is vulnerable to ShellShock
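The User-Agent injection used above also leaves a trace a defender can look for: a CGI server passes request headers to the script as environment variables, and the affected bash versions only treat a value as a function definition when it begins with `() {`. The following is an added detection example, not part of the original lab; it assumes Apache/nginx "combined" access logs, the sample lines are constructed, and checking the Referer field as well goes beyond the User-Agent case shown on this page.

```python
import re

# Literal prefix an environment value must start with for bash to import it as a function.
FUNC_PREFIX = "() {"

# "combined" log format: the last two quoted fields are Referer and User-Agent.
COMBINED = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"$'
)

def find_shellshock_attempts(lines, cgi_only=False):
    """Return one dict per log line whose Referer or User-Agent starts with the prefix."""
    hits = []
    for line in lines:
        m = COMBINED.match(line.strip())
        if not m:
            continue  # not combined format; skip rather than guess at the fields
        fields = [f for f in ("referer", "agent")
                  if m[f].lstrip().startswith(FUNC_PREFIX)]
        if not fields:
            continue
        # Optionally keep only requests that reached a CGI script (assumed .cgi suffix).
        if cgi_only and not m["path"].split("?")[0].endswith(".cgi"):
            continue
        hits.append({"src": m["src"], "ts": m["ts"], "path": m["path"],
                     "status": m["status"], "fields": fields})
    return hits

# Constructed sample lines: documentation addresses, command text redacted.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Oct/2023:13:55:36 +0000] "GET /gettime.cgi HTTP/1.1" 200 45 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.9 - - [10/Oct/2023:13:56:02 +0000] "GET /gettime.cgi HTTP/1.1" 200 1830 "-" "() { :; }; REDACTED"',
    '198.51.100.9 - - [10/Oct/2023:13:56:40 +0000] "GET /index.html HTTP/1.1" 200 512 "() { _; } REDACTED" "curl/7.88"',
    '198.51.100.12 - - [10/Oct/2023:13:57:11 +0000] "GET /app.js HTTP/1.1" 200 900 "-" "Mozilla/5.0 (test () { not at start)"',
]

if __name__ == "__main__":
    for hit in find_shellshock_attempts(SAMPLE_LOG):
        print(hit)
```

A hit on a `.cgi` path with a 200 status and an unusually large response size is the one to triage first, since it suggests the request reached a script.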
Reverse Shell
Set up a listener
Open Burp Suite and change the command to connect to the netcat listener of the Kali VM. The payload will be:
Turn off the Burp Suite listener and FoxyProxy.
Automatic Exploitation