Today i'm surfing internet to get proper exploit or script to exploit shellshock vulnerabality. but only found metasploit and some exploit-DB exploits which are not verified and also some are not working. so, i decided to write my own script to exploit shellshock vulnerable server remotely by sending crafted headers. my script allow you to choose your custom command which you want to execute on remote server if vulnerable .
This script is only for my null-byte friends .
First what you need :-
1 Bash based system
3 Colorama Python color module
- Vulnerable Server.
Here is a screenshot How my script looks like
Script Link : http://pastebin.com/PBQ0rsAW
Copy script from link provided and save it as "ssexploit.py". and edit it with your favourite text editor and replace website and directory there with your vulnerable website and website directory, you can also change command which you want to execute.
then execute in shell : python ssexploit.py
:) if you need any help regarding script or shellshock PM me :)
Command which you can use :-
list directory : /bin/ls -l
eject CD/DVD Drive : /usr/bin/eject
ifconfig : /sbin/ifconfig
and for more commands google it or PM me.