I am able to access /cgi-bin/test.sh.
To know more about shellshock, https://en.wikipedia.org/wiki/Shellshock_(software_bug)
As now I found the host is vulnerable for ShellShock, my next step is to exploit the vulnerability.
Exploitation:
ShellShock is a code injection exploitable vulnerability. I am going to exploited using the tool called Metasploit.
Here, I am going to use the easy method by using Metasploit.
To start Metasploit in Kali type” msfconsole” in the terminal
Use “search“ command to search for all shellshock exploits. You can also use Searchsploit in the terminal to find the exploits available
20 Comments
Comments are closed.