Nmap Development mailing list archives

Re: Shell Shock NSE Script (CVE-2014-6271)


From: Richard Miles <richard.k.miles () googlemail com>
Date: Thu, 2 Oct 2014 16:57:09 -0500

Hi guys,

This vulnerability is awesome, why not create a set of tests for common
vulnerable applications? For example, test against well-known web
applications, FTP Servers, SMTP, FTP servers, etc. I have seen exploits for
almost all these systems, I guess that a single script or a couple of them
to detect would be AWESOME.

Examples:

Pure-FTPd External Authentication Bash Environment Variable Code Injection
by Frank Denis, Spencer McIntyre, and Stephane Chazelas exploits -
Metasploit

Apache mod_cgi Bash Environment Variable Code Injection by wvu, juan
vazquez, Stephane Chazelas, and lcamtuf exploits CVE-2014-6278  - Metasploit

Apache mod_cgi Bash Environment Variable RCE Scanner by wvu, Stephane
Chazelas, and lcamtuf exploits CVE-2014-6278 and -
Metasploit

Here is a collection of POCs:

https://github.com/mubix/shellshocker-pocs
https://www.dfranke.us/posts/2014-09-27-shell-shock-exploitation-vectors.html

What do you think, guys?

Thanks.

On Wed, Oct 1, 2014 at 3:11 AM, Paulino Calderon <paulino () calderonpale com>
wrote:

Hello everyone,

I’ve cleaned up the script and improved a few things:

https://bitbucket.org/cldrn/nmap-nse-scripts/src/111b0a2439b22cb287572f5b45fd7991814ec6cf/scripts/6.x/http-shellshock.nse?at=master

I’ve tested the script against the VM and it works perfectly. Obviously
more testing is appreciated but I think it is ready for submission.

Cheers.

On Sep 26, 2014, at 3:45 AM, Paul Amar <paul () sensepost com> wrote:

Hi list,

I created an NSE script for the Shell Shock vulnerability (CVE-2014-6271).

I tested the script with Pentesterlab's VM located here:
files.pentesterlab.com/cve-2014-6271/cve-2014-6271.iso.

This script detects if the host is vulnerable.
If so, you get a reverse shell by specifying the good arguments.

Eg. ./nmap -p80 --script http-vuln-cve-2014-6271.nse --script-args http-vuln-cve-2014-6271.remoteIp=<your-ip>,http-vuln-cve-2014-6271.remotePort=<your-port>,http-vuln-cve-2014-6271.uri=/cgi-bin/status <ip> -d

Feel free if you have any feedback,
Paul

<http-vuln-cve-2014-6271.nse>
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
