The Shellshock vulnerability allows remote code execution through shell callouts to bash versions below 4.3. The payload can be sent simply with curl in HTTP headers.

Exploitation: curl – shocker.py – Metasploit

Mitigation: Update bash > 4.3 – Disable shell callouts in /cgi-bin
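A host-side check for the two mitigations listed above, as an added example that is not part of the original post: it compares the installed bash version with the 4.3 threshold this page gives and lists the scripts in a CGI directory whose shebang interpreter is sh or bash. The function names and the command-line argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: host-side audit for the two mitigations named on this page.

# Exit 0 when a version string such as "4.2.45(1)-release" is below 4.3
# (the threshold this page gives), 1 when it is not, 2 when unparseable.
version_below_4_3() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    [ -n "$minor" ] || return 2
    [ "$major" -lt 4 ] || { [ "$major" -eq 4 ] && [ "$minor" -lt 3 ]; }
}

# Print each file under directory $1 whose shebang interpreter is sh or bash
# (directly or via env): the scripts that start a shell on every request.
shell_cgi_scripts() {
    find "$1" -type f | sort | while IFS= read -r f; do
        first=
        IFS= read -r first < "$f" || [ -n "$first" ] || continue
        case "$first" in '#!'*) ;; *) continue ;; esac
        line=${first#'#!'}
        line=${line# }                  # allow "#! /bin/sh"
        interp=${line%% *}              # first word is the interpreter path
        if [ "${interp##*/}" = env ]; then
            rest=${line#* }
            interp=${rest%% *}
        fi
        case "${interp##*/}" in
            sh|bash) printf '%s\n' "$f" ;;
        esac
    done
}

# Report the bash version verdict, then every shell-backed script in $1.
audit() {
    ver=$(bash -c 'echo "$BASH_VERSION"' 2>/dev/null) || ver=
    if [ -z "$ver" ]; then echo "bash: not installed"
    elif version_below_4_3 "$ver"; then echo "bash $ver: below 4.3, update it"
    else echo "bash $ver: not below 4.3"
    fi
    shell_cgi_scripts "$1" | sed 's/^/shell-backed CGI script: /'
}

if [ "$#" -gt 0 ]; then audit "$1"; else echo "usage: $0 CGI_DIR" >&2; fi
```

The script listing covers only files that are themselves shell scripts; CGI programs in other languages that start a shell internally need a separate review.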

In this post, we cover the demonstration, exploitation and mitigation of the Shellshock vulnerability, using the lab material of HackTheBox Shocker.


About the Author

Cybersecurity Trainer. MS in Cybersecurity. Expertise in Healthcare and Finance Industries. Penetration tester and compliance auditor.
