Vulnerability Exploitation Using Metasploit

The Metasploit framework is a very powerful tool capable of information gathering, vulnerability analysis, vulnerability exploitation and more. For a full tutorial, visit https://www.offensive-security.com/metasploit-unleashed/.

For demonstration, we will exploit CVE-2014-6271 (Shellshock) on a DVL (Damn Vulnerable Linux) machine. This exploit allows us to gain access to the victim's shell.

1. Run msfconsole in a terminal to start.

2. Search Shellshock

3. Use the Apache mod_cgi Bash environment variable code injection module.

4. Check which options need to be filled in (RHOST, payload, TARGETURI and LHOST).

5. Find the IP of the target (10.10.0.147).

6. Search payloads for shell reverse tcp.

7. Use shell reverse tcp

8. Set URI to /cgi-bin/status/

9. Set LHOST to the attacker's IP.

10. Use 'check' to see if the target is vulnerable.

11. Start exploit

12. Check that we are on another machine using whoami and ifconfig. (We are on the victim.)
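
Seen from the defender's side, the request sent in step 11 leaves a trace in the web server's access log. The following Python example is added here and is not part of the original post: it scans Apache combined-format log lines for a Referer or User-Agent value that begins with the bash function-definition prefix behind CVE-2014-6271, and marks hits on CGI paths such as /cgi-bin/status/. The log lines, the client address 10.10.0.99 and the name find_shellshock are constructed for illustration, and it assumes the injected header is one the combined format records.

```python
import re

# Apache "combined" format:
#   host ident user [time] "request" status bytes "referer" "user-agent"
QUOTED = r'"((?:[^"\\]|\\.)*)"'  # quoted field; Apache escapes embedded quotes as \"
COMBINED = re.compile(
    r'(\S+) \S+ \S+ \[[^\]]+\] ' + QUOTED + r' \d{3} \S+ ' + QUOTED + ' ' + QUOTED
)

# Bash treats an environment value as a function definition only when it
# begins with the four characters "() {", so the match is anchored at the start.
FUNC_PREFIX = re.compile(r'^\(\) \{')

# Constructed sample log lines (not taken from the original post).
SAMPLE_LOG = [
    '10.10.0.20 - - [12/Mar/2015:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.10.0.99 - - [12/Mar/2015:10:02:10 +0000] "GET /cgi-bin/status/ HTTP/1.1" 200 87 "-" "() { :;}; echo probe"',
    '10.10.0.99 - - [12/Mar/2015:10:02:11 +0000] "GET /about.html HTTP/1.1" 200 300 "() { x; }; echo probe" "curl/7.35.0"',
    '10.10.0.20 - - [12/Mar/2015:10:03:00 +0000] "GET /cgi-bin/status/ HTTP/1.1" 200 87 "-" "Mozilla/5.0 test () { x"',
]


def find_shellshock(lines):
    """Return one finding per log line whose Referer or User-Agent starts with '() {'."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = COMBINED.match(line)
        if not m:
            continue  # not in combined format; skip rather than guess
        host, request, referer, agent = m.groups()
        fields = [name for name, value in (("referer", referer), ("agent", agent))
                  if FUNC_PREFIX.match(value)]
        if not fields:
            continue
        parts = request.split()
        path = parts[1] if len(parts) > 1 else ""
        # mod_cgi copies request headers into environment variables, so a hit
        # on a CGI path is the case that can actually reach bash.
        findings.append({"line": lineno, "host": host, "path": path,
                         "fields": fields, "cgi": path.startswith("/cgi-bin/")})
    return findings


if __name__ == "__main__":
    for finding in find_shellshock(SAMPLE_LOG):
        print(finding)
```

Headers that the log format does not record will not appear here, so a clean result from this scan does not prove the server was never probed.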
