[claudio@localhost ~]$ ./bash_env_rci_v2.py
_______ _______ __
| _ .-----.--.--. | _ .---.-.-----| |--.
|. |___| | | | |. 1 | _ |__ --| |
|. | |__|__|_____| |. _ |___._|_____|__|__|
|: 1 | |: 1 \
|::.. . | |::.. . /
`-------' `-------'
___ ___ _______ _______ _______ ___
| Y | | _ | | _ | _ | |
| | |_|___| | |. l |. 1___|. |
|____ |___(__ | |. _ |. |___|. |
|: | |: 1 | |: | |: 1 |: |
|::.| |::.. . | |::.|:. |::.. . |::.|
`---' `-------' `--- ---`-------`---'
Gnu B4sh <= 4.3 Cg1 Sc4n + r3m0t3 C0mm4nd Inj3ct10n
==========================================
- Release date: 2014-09-25
- Discovered by: Stephane Chazelas
- CVE: 2014-6271
===========================================
Written by:
Claudio Viviani
http://www.homelab.it
[email protected]
[email protected]
https://www.facebook.com/homelabit
https://twitter.com/homelabit
https://plus.google.com/+HomelabIt1/
https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww
usage: bash_env_rci_v2.py [-s] -t http://localhost/cgi-bin/test -c "touch /tmp/test.txt"
options:
-h, --help show this help message and exit
-t TARGET, --target=TARGET
Insert TARGET URL: http[s]://www.victim.com[:PORT]
-c CMD, --cmd=CMD Insert command name
-s, --scan Scan Only
Download
Download Exploit: HERE