[claudio@localhost ~]$ python ipfire_cgi_shellshock.py
___ _______ _______ __ _______ __
| | _ | _ |__.----.-----. | _ .-----|__|
|. |. 1 |. 1___| | _| -__| |. 1___| _ | |
|. |. ____|. __) |__|__| |_____| |. |___|___ |__|
|: |: | |: | |: 1 |_____|
|::.|::.| |::.| |::.. . |
`---`---' `---' `-------'
_______ __ __ __ _______ __ __
| _ | |--.-----| | | _ | |--.-----.----| |--.
| 1___| | -__| | | 1___| | _ | __| <
|____ |__|__|_____|__|__|____ |__|__|_____|____|__|__|
|: 1 | |: 1 |
|::.. . | |::.. . |
`-------' `-------'
IPFire <= 2.15 c0re 82 Authenticated
Cgi Sh3llSh0ck r3m0t3 C0mm4nd Inj3ct10n
Written by:
Claudio Viviani
http://www.homelab.it
[email protected]
[email protected]
https://www.facebook.com/homelabit
https://twitter.com/homelabit
https://plus.google.com/+HomelabIt1/
https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww
usage: ipfire_cgi_shellshock.py -t https://target:444/ -u admin -p pwd -c "touch /tmp/test.txt"
options:
-h, --help show this help message and exit
-t TARGET, --target=TARGET
Insert TARGET URL
-c CMD, --cmd=CMD Insert command name
-u USER, --user=USER Insert username
-p PWD, --pwd=PWD Insert password
Download
Download Exploit: HERE