Exploitation using Metasploit

Launch the Metasploit console from the terminal (msfconsole). You need to select the apache_mod_cgi_bash_env_exec exploit under exploit/multi/http:

use exploit/multi/http/apache_mod_cgi_bash_env_exec  

Then you need to define the remote host and target URI value using the set command. You also need to select the reverse_tcp payload that will make the web server connect to the attacker's machine. This can be found by navigating to linux | x86 | meterpreter.

Make sure that the local host (SRVHOST) and local port (SRVPORT) values are correct. You can set these and other values using the set command:

set SRVHOST 0.0.0.0
set SRVPORT 8080  

With the host set to 0.0.0.0, the server will listen on all of the network interfaces enabled by the attacker. Also, verify that no service is already running on the selected port of the attacker's machine.

Once you are ready, enter exploit, and you will be greeted by a meterpreter prompt if the server is vulnerable to Shellshock. A shell is the most valuable possession of a hacker. The meterpreter session is a very useful tool during the post-exploitation phase. During this phase, the hacker truly understands the value of the machine that they have compromised. Meterpreter has a large collection of built-in commands.

Meterpreter is an advanced remote shell included in Metasploit. When executed on Windows systems, it includes modules to escalate privileges, dump passwords and password hashes, impersonate users, sniff network traffic, log keystrokes, and perform many other exploits on the target machine.
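Seen from the web server's side, a Shellshock request against mod_cgi carries a Bash function definition prefix, "() {", at the start of a request header value, which Apache then passes to the CGI script as an environment variable. The following detection sketch is an added example, not code from the book or from Metasploit; the log lines, addresses, and function name are constructed for illustration, and it assumes Apache's "combined" log format.

```python
import re

# Apache "combined" format:
# host ident user [time] "request" status bytes "referer" "user-agent"
COMBINED = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>(?:[^"\\]|\\.)*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"'
)

# Bash only imports a variable as a function when the value BEGINS with "() {",
# so the match is anchored to the start of the header value.
FUNC_DEF = re.compile(r'^\s*\(\)\s*\{')

# Constructed sample entries (documentation address ranges, harmless payload text).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" '
    '200 2326 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /cgi-bin/status HTTP/1.1" '
    '200 512 "-" "() { :; }; echo constructed-probe"',
    '203.0.113.5 - - [10/Oct/2023:13:57:12 +0000] "GET /cgi-bin/status HTTP/1.1" '
    '404 209 "() { :; }; echo constructed-probe" "curl/7.88"',
    # Benign: "(){" appears mid-value, not at the start of the header.
    '192.0.2.10 - - [10/Oct/2023:13:58:00 +0000] "GET /app.js HTTP/1.1" '
    '200 100 "http://example.com/?cb=foo(){}" "Mozilla/5.0"',
]

def find_shellshock_attempts(lines):
    """Return one dict per logged header that starts with a function definition."""
    hits = []
    for line in lines:
        m = COMBINED.match(line)
        if not m:
            continue  # not a combined-format entry
        for field in ("referer", "agent"):
            if FUNC_DEF.match(m.group(field)):
                hits.append({
                    "host": m.group("host"),
                    "time": m.group("time"),
                    "request": m.group("request"),
                    "status": m.group("status"),  # triage hint only, not proof of success
                    "field": field,
                })
    return hits

if __name__ == "__main__":
    for hit in find_shellshock_attempts(SAMPLE_LOG):
        print(hit)
```

The combined format records only the Referer and User-Agent headers, so a payload carried in any other header will not appear in these logs unless the LogFormat is extended with additional %{Header}i fields.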

The following screenshot shows the output of the sysinfo command and a remote system shell within Meterpreter:
