The Shellshock vulnerability allows remote code execution through shell callouts to bash versions below 4.3. The payload can be sent simply with curl, in HTTP headers.

Exploitation: curl – shocker.py – Metasploit

Mitigation: Update bash to > 4.3 – Disable shell callouts in /cgi-bin

In this post, we covered the demonstration, exploitation and mitigation of the Shellshock vulnerability. We used the lab material of HackTheBox Shocker.
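
Because the payload travels in HTTP headers, attempts leave a trace in the web server's access log whenever the affected header is one that gets logged. The following detection sketch is an added example, not part of the original post or the lab material: it scans combined-format log lines for the `() {` function-definition marker and reports whether the request targeted `/cgi-bin/`. The log lines, IP addresses and the `status.sh` script name are constructed for illustration.

```python
import re

# Apache/Nginx "combined" format: the last two quoted fields are Referer and
# User-Agent. Quotes inside a logged header are backslash-escaped by the server.
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"$'
)

# A Shellshock payload opens a header value with a bash function definition.
# Whitespace between the tokens varies, so it is matched loosely.
SHELLSHOCK = re.compile(r'\(\s*\)\s*\{')

# Constructed sample input (documentation IP ranges, hypothetical script name).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2023:13:56:01 +0000] "GET /cgi-bin/status.sh HTTP/1.1" 200 119 "-" "() { :; }; echo probe"',
    '198.51.100.4 - - [10/Oct/2023:13:57:12 +0000] "GET /about.html HTTP/1.1" 404 0 "() { :;}; echo probe" "curl/7.88.1"',
]

def find_shellshock_attempts(lines, cgi_prefix="/cgi-bin/"):
    """Return one dict per log line whose logged fields carry the '() {' marker."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = COMBINED.match(line.strip())
        if not m:
            continue  # not a combined-format line; skip rather than guess
        fields = [f for f in ("request", "referer", "agent") if SHELLSHOCK.search(m[f])]
        if not fields:
            continue
        parts = m["request"].split(" ")
        path = parts[1] if len(parts) > 1 else ""
        hits.append({
            "line": lineno,
            "ip": m["ip"],
            "path": path,
            "fields": fields,
            # A hit on a CGI path with a 200 status deserves the closest look.
            "targets_cgi": path.startswith(cgi_prefix),
            "status": int(m["status"]),
        })
    return hits

if __name__ == "__main__":
    for hit in find_shellshock_attempts(SAMPLE_LOG):
        print(hit)
```

The combined format records only the request line, Referer and User-Agent, so a payload carried in any other header does not appear in these logs; seeing those needs a custom log format or a WAF/IDS rule.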

Video Walk-Through

https://www.youtube.com/watch?v=QEaZDAB7X1A