Nmap Development mailing list archives
Re: Shell Shock NSE Script (CVE-2014-6271)
From: Richard Miles <richard.k.miles () googlemail com>
Date: Thu, 9 Oct 2014 18:35:58 -0500
You rock Paulino, awesome!! I can't help much, but I'm available to test.

Thanks

On Thu, Oct 9, 2014 at 9:35 AM, Paulino Calderon <paulino () calderonpale com> wrote:

> I think it is definitely worth working on detection modules. I will go through all of the PoCs over the weekend to improve the detection module for http and submit other scripts for the other well-known services.
>
> Cheers.
>
> On Oct 2, 2014, at 4:57 PM, Richard Miles <richard.k.miles () googlemail com> wrote:
>
>> Hi guys,
>>
>> This vulnerability is awesome, why not create a set of tests for common vulnerable applications? For example, test against well-known web applications, FTP Servers, SMTP, FTP servers, etc. I have seen exploits for almost all these systems, I guess that a single script or a couple of them to detect would be AWESOME.
>>
>> Examples:
>>
>> Pure-FTPd External Authentication Bash Environment Variable Code Injection by Frank Denis, Spencer McIntyre, and Stephane Chazelas exploits - Metasploit
>> Apache mod_cgi Bash Environment Variable Code Injection by wvu, juan vazquez, Stephane Chazelas, and lcamtuf exploits CVE-2014-6278 - Metasploit
>> Apache mod_cgi Bash Environment Variable RCE Scanner by wvu, Stephane Chazelas, and lcamtuf exploits CVE-2014-6278 and - Metasploit
>>
>> Here is a collection of POCs:
>>
>> https://github.com/mubix/shellshocker-pocs
>> https://www.dfranke.us/posts/2014-09-27-shell-shock-exploitation-vectors.html
>>
>> What do you think guys?
>>
>> Thanks.
>>
>> On Wed, Oct 1, 2014 at 3:11 AM, Paulino Calderon <paulino () calderonpale com> wrote:
>>
>>> Hello everyone,
>>>
>>> I’ve cleaned up the script and improved a few things:
>>> https://bitbucket.org/cldrn/nmap-nse-scripts/src/111b0a2439b22cb287572f5b45fd7991814ec6cf/scripts/6.x/http-shellshock.nse?at=master
>>>
>>> I’ve tested the script against the VM and it works perfectly. Obviously more testing is appreciated but I think it is ready for submission.
>>>
>>> Cheers.
>>>
>>> On Sep 26, 2014, at 3:45 AM, Paul Amar <paul () sensepost com> wrote:
>>>
>>>> Hi list,
>>>>
>>>> I created an NSE script for the Shell Shock vulnerability (CVE-2014-6271). I tested the script with Pentesterlab's VM located here: files.pentesterlab.com/cve-2014-6271/cve-2014-6271.iso.
>>>>
>>>> This script detects if the host is vulnerable. If so, you get a reverse shell by specifying the good arguments.
>>>>
>>>> E.g.
>>>> ./nmap -p80 --script http-vuln-cve-2014-6271.nse --script-args http-vuln-cve-2014-6271.remoteIp=<your-ip>,http-vuln-cve-2014-6271.remotePort=<your-port>,http-vuln-cve-2014-6271.uri=/cgi-bin/status <ip> -d
>>>>
>>>> Feel free if you have any feedback,
>>>> Paul
>>>>
>>>> <http-vuln-cve-2014-6271.nse>

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/