Tutorials

ShellShock Exploitation with BurpSuite [PentesterLab] – CVE-2014-6271

This is an exercise from PentesterLab to reproduce & demonstrate how to exploit CVE-2014-6271 [ShellShock Vulnerability]. Download Vulnerable ISO –¬†https://www.pentesterlab.com/exercises/cve-2014-6271 Size: 19 MB OS Type: Linux A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell […]

Tutorials

Exploitation of ShellShock Vulnerability with BadBash Tool

In a previous article, we have described the ShellShock vulnerability and in this article we show how to exploit this vulnerability using the BadBash Script. BadBash is a CVE-2014-6271 RCE exploit tool. The basic version only checks for the HTTP CGI site and only provides netcat reverse shell on port 1234. If you want to […]

Tutorials

ShellShock Vulnerability Exploitation With HTTP Request

In a previous tutorial, we used Metasploit Framework to gain a low-level shell on the target system by exploiting the ShellShock vulnerability. The same can also be done by sending a HTTP Request with Wget and Curl. In order to exploit the ShellShock bug, the following steps need to occur: you must get the target […]

Tutorials

ShellShock Vulnerability Exploitation With Metasploit Framework

Previously we’ve well explained the Heartbleed Vulnerability which already created so much havoc and now we’ll show you a live exploitation of ShellShock Vulnerability (CVE-2014-6271) with Metasploit Framework. ShellShock Vulnerability also called Bash Bug Vulnerability which already affects thousands of Linux/Unix operating systems. This vulnerability has originally discovered by Stephane Chazelas. Essentially, ShellShock works by […]