The Metasploit framework is a very powerful tool capable of information gathering, vulnerability analysis, exploiting vulnerabilities, and more. For a full tutorial, visit https://www.offensive-security.com/metasploit-unleashed/.
For demonstration, we will exploit CVE-2014-6271 (Shellshock) in DVL (Damn Vulnerable Linux). This exploit will allow us to gain access to the victim’s shell.
1. Run msfconsole in a terminal to start.
2. Search for Shellshock.
3. Use the Apache mod_cgi Bash environment variable code injection module.
4. Check which options need to be filled in (RHOST, payload, TARGETURI and LHOST).
5. Find the IP of the target (10.10.0.147).
6. Search the payloads for shell reverse TCP.
7. Use the shell reverse TCP payload.
8. Set TARGETURI to /cgi-bin/status/.
9. Set LHOST to the attacker IP.
10. Use ‘check’ to see if the target is vulnerable.
11. Start the exploit.
12. Confirm that the shell is on another machine using whoami and ifconfig. (We are in the victim.)
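
Seen from the defending side, a Shellshock request against a CGI script carries a header whose value begins with the Bash function-definition prefix `() {`, and Apache's combined log format records two such headers (Referer and User-Agent). The following added example, which is not part of the original walkthrough, scans access-log lines for that prefix. The log lines are constructed samples and the function and variable names are hypothetical.

```python
import re

# Apache "combined" format:
# host ident user [time] "request" status bytes "referer" "user-agent"
QUOTED = r'"((?:[^"\\]|\\.)*)"'  # quoted field; Apache escapes embedded quotes as \"
COMBINED = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] ' + QUOTED + r' (\d{3}) \S+ ' + QUOTED + ' ' + QUOTED + r'$'
)

# Vulnerable Bash only imports an environment value as a function when the
# value starts with exactly "() {", so the check is anchored to the field start.
MARKER = re.compile(r'^\(\) \{')


def find_shellshock_attempts(lines):
    """Return (client, time, header, request) for every logged header that
    starts with the function-definition prefix."""
    hits = []
    for line in lines:
        m = COMBINED.match(line.strip())
        if not m:
            continue  # not combined format: skip rather than guess
        client, when, request, _status, referer, agent = m.groups()
        for name, value in (("referer", referer), ("agent", agent)):
            if MARKER.search(value):
                hits.append((client, when, name, request))
    return hits


# Constructed sample lines (not real traffic). "<command>" is a placeholder.
SAMPLE_LOG = [
    '10.10.0.5 - - [01/Oct/2014:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.10.0.9 - - [01/Oct/2014:10:00:07 +0000] "GET /cgi-bin/status/ HTTP/1.1" 200 87 "-" "() { :; }; <command>"',
    '10.10.0.9 - - [01/Oct/2014:10:00:09 +0000] "GET /cgi-bin/status/ HTTP/1.1" 200 87 "() { :; }; <command>" "curl/7.38"',
    # Benign: "(){" inside a URL and "() {" in the middle of a User-Agent.
    '10.10.0.7 - - [01/Oct/2014:10:00:12 +0000] "GET /app.js?cb=function(){} HTTP/1.1" 200 90 "-" "Mozilla/5.0"',
    '10.10.0.7 - - [01/Oct/2014:10:00:15 +0000] "GET / HTTP/1.1" 200 90 "-" "TestAgent/1.0 () { note }"',
]

if __name__ == "__main__":
    for client, when, header, request in find_shellshock_attempts(SAMPLE_LOG):
        print(f"{when}  {client}  marker in {header}  request: {request}")
```

Only headers that the log format records can be checked this way; a request carrying the prefix in any other header will not appear in a combined-format log.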