The Shellshock vulnerability allows remote code execution through shell callouts to bash versions below 4.3. The payload can be sent in HTTP headers using nothing more than curl.

Exploitation: curl – shocker.py – Metasploit

Mitigation: Update bash > 4.3 – Disable shell callouts in /cgi-bin
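
One way to check a host against the two mitigations above, as an added example that is not from the original post or the HackTheBox lab: it compares the installed bash version with the 4.3 threshold given here and lists CGI scripts whose shebang names sh or bash. The function names and the directory argument are assumptions for illustration.

```sh
#!/bin/sh
# Added example, not code from the original post. Function names are
# illustrative assumptions.

# Exit 0 when version string $1 (e.g. "4.2.45(1)-release") is below 4.3,
# the threshold stated in this post. Distribution packages can carry
# backported fixes, so confirm a hit against the vendor advisory.
bash_below_4_3() (
  case $1 in [0-9]*.[0-9]*) ;; *) exit 2 ;; esac   # unparseable version
  major=${1%%.*}
  rest=${1#*.}
  minor=${rest%%[!0-9]*}
  [ "$major" -lt 4 ] || { [ "$major" -eq 4 ] && [ "$minor" -lt 3 ]; }
)

# Exit 0 when file $1 has a shebang naming sh or bash, meaning the web
# server hands request-derived environment variables to a shell.
# /bin/sh counts because on some systems it is bash.
is_shell_cgi() (
  first=
  IFS= read -r first < "$1" || :                   # last line may lack \n
  first=${first%"$(printf '\r')"}                  # tolerate CRLF scripts
  case $first in
    '#!'*/sh|'#!'*/sh' '*|'#!'*/bash|'#!'*/bash' '*) exit 0 ;;
    '#!'*env' 'sh*|'#!'*env' 'bash*) exit 0 ;;
  esac
  exit 1
)

# Print, sorted, every regular file under directory $1 that is_shell_cgi accepts.
list_shell_cgi() {
  find "$1" -type f | sort | while IFS= read -r path; do
    if is_shell_cgi "$path"; then printf '%s\n' "$path"; fi
  done
}

# Report on both mitigations for the CGI directory $1.
audit_shellshock() {
  ver=$(bash -c 'printf %s "$BASH_VERSION"' 2>/dev/null) || ver=
  if [ -z "$ver" ]; then echo "bash: not found"
  elif bash_below_4_3 "$ver"; then echo "bash $ver: below 4.3, update it"
  else echo "bash $ver: not below 4.3"
  fi
  echo "shell-backed CGI scripts under $1 (replace or disable):"
  list_shell_cgi "$1"
}

# Usage: sh audit.sh /path/to/cgi-bin
if [ "$#" -gt 0 ]; then audit_shellshock "$1"; fi
```

Each script the audit lists is a candidate for rewriting in a non-shell language or for removal from the CGI directory.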

In this post, we covered the demonstration, exploitation and mitigation of the Shellshock vulnerability. We used the lab material of HackTheBox Shocker.

Video Walk-Through

https://www.youtube.com/watch?v=QEaZDAB7X1A

About the Author

Cybersecurity trainer; MS in Cybersecurity; expertise in healthcare and finance industries; penetration tester and compliance auditor.