CVE-2014-6271CISA KEV: Actively Exploited

GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability

Published Jan 28, 2022·Updated Jan 28, 2022

Description

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code.

Public Exploits & PoCs82 found

PoC: exploit-CVE-2014-6271

Shellshock exploit + vulnerable environment

131

PoC: shellshock_scanner

Python Scanner for "ShellShock" (CVE-2014-6271)

43

PoC: vaas-cve-2014-6271

Vulnerability as a service: showcasing CVS-2014-6271, a.k.a. Shellshock

20

PoC: CGIShell

shellshock CVE-2014-6271 CGI Exploit, Use like Openssh via CGI

14

PoC: shellshock-cgi

A python script to enumerate CGI scripts vulnerable to CVE-2014-6271 on one specific server

10

PoC: Shellshock-Vulnerability-Scan

Android app to scan for bash Vulnerability - CVE-2014-6271 also known as Shellshock

9

PoC: ShellShock-CGI-Scan

A script, in C, to check if CGI scripts are vulnerable to CVE-2014-6271 (The Bash Bug).

8

PoC: ansible-bashpocalypse

Patch for CVE-2014-6271

6

PoC: BadBash

CVE-2014-6271 (ShellShock) RCE PoC tool

4

PoC: CVE-2014-6271

Shellshock exploit aka CVE-2014-6271

3

PoC: CVE-2014-6271

Shellshock exploitation script that is able to upload and RCE using any vector due to its versatility.

3

PoC: shellshocker-python

This is a Python Application that helps you detect if your machine that run bash is vulnerable by CVE-2014-6271

3

PoC: pyshellshock

:scream: Python library and utility for CVE-2014-6271 (aka. "shellshock")

2

PoC: RIS

CVE-2014-6271 Remote Interactive Shell - PoC Exploit

2

PoC: Rainstorm

CVE-2014-6271 RCE tool

2

PoC: CVE-2014-6271

its simple Shellshock exploit

1

PoC: Shellshock-Exploit

Exploit para abusar de la vulnerabilidad Shellshock (CVE-2014-6271).

1

PoC: CVE-2014-6271-Shellshock

The Shellshock Exploit is a tool designed to efficiently exploit the Shellshock vulnerability (CVE-2014-6271) in susceptible CGI servers, enabling a precise takeover of the target server. Shellshock is a critical security vulnerability that affects the Bash shell, allowing attackers to execute arbitrary commands on the targeted system

1

PoC: CVE-2014-6271

"Shellshock" Vulnerability. Remote code execution in Apache with mod_cgi

1

PoC: cve-2014-6271

cve-2014-6271 (Shellshock) Bash CGI exploit/Bash binary exploit

1

PoC: CVE-2014-6271-Apache-Debian

This Repo is PoC environment of CVE-2014-6271(https://nvd.nist.gov/vuln/detail/cve-2014-6271).

1

PoC: ShockZaum-CVE-2014-6271

Shellshock vulnerability attacker

1

PoC: CVE-2014-6271

Shellshock POC | CVE-2014-6271 | cgi-bin reverse shell

1

PoC: shellshocker-android

This is an Android Application that helps you detect if your machine that run bash is vulnerable by CVE-2014-6271

1

PoC: puppet-shellshock

This module determine the vulnerability of a bash binary to the shellshock exploits (CVE-2014-6271 or CVE-2014-7169) and then patch that where possible

1

PoC: ShellShock-CGI-Scan

A script, in C, to check if CGI scripts are vulnerable to CVE-2014-6271 (The Bash Bug)

1

PoC: shellshock-shell

A simple python shell-like exploit for the Shellschok CVE-2014-6271 bug.

1

PoC: salt-shellshock

Salt recipe for shellshock (CVE-2014-6271)

1

PoC: shellshock

scripts associate with bourne shell EVN function parsing vulnerability CVE-2014-6271

1

PoC: shocknaww

Simple script to check for CVE-2014-6271

1

PoC: Cgi-bin_bash_Reverse

Written fro CVE-2014-6271

1

PoC: Shellshock_CVE-2014-6271

Shellshock

PoC: Blind-SSRF-to-Remote-Code-Execution-Shellshock-Professional-Bug-Bounty-Report

This repository contains a professional bug bounty report demonstrating the successful exploitation of a Blind SSRF vulnerability that reached an internal CGI endpoint vulnerable to Shellshock (CVE-2014-6271). Remote command execution was confirmed using an out-of-band (OAST) DNS callback, showcasing the complete attack chain, technical analysis.

PoC: Shocker-TJNULL-OSCP-

"A professional walkthrough of HTB: Shocker. Demonstrates remote directory fuzzing to discover CGI scripts, manual exploitation of the Shellshock vulnerability (CVE-2014-6271), and privilege escalation via misconfigured Sudo Perl permissions using GTFOBins vectors."

PoC: -pentesting-obioba

Pentesting caja negra: Shellshock (CVE-2014-6271) + Log4Shell (CVE-2021-44228). Escalada a root. Informe ejecutivo y técnico

PoC: Penetration-Testing-Walkthrough-Hacksudo-Thor

Black-box penetration test against HackSudo Thor : CVE-2014-6271 Shellshock RCE through Apache mod_cgi, chained with sudo misconfiguration and bash eval injection for full privilege escalation. Includes custom CSRF-aware brute force tooling and Metasploit RPC automation.

PoC: Mobile-Drop-Device-SOC-Detection

End-to-end simulation of detecting a root-less Android Drop Device (Casper) using Wazuh SIEM to capture Layer 7 attacks like Shellshock (CVE-2014-6271).

PoC: it355-lab4-enterprise-lan-security

This repository contains a comprehensive security assessment of an enterprise LAN environment. The core focus of this project was the identification, exploitation, and remediation of the **Shellshock (CVE-2014-6271)** vulnerability within a Linux-based web server.

PoC: CVE-2014-6271

CVE-2014-6271

PoC: CVE-2014-6271-Shellshock

CVE-2014-6271 Shellshock

PoC: bash-apocalypse

Recreating Shellshock (CVE-2014-6271) - the bash vulnerability that endangered millions of servers. Automated exploitation toolkit + Burp Suite methodology + Docker lab. Built for security research & education. Offensive security portfolio project.

PoC: CVE-2014-6271-Shellshock-

A complete, modern demonstration lab for CVE-2014-6271 (Shellshock), including architecture, exploitation steps, Burp Suite usage, reverse shells, countermeasures, and full command cheat-sheet.

PoC: CVE-2014-6271

This is my implementation of shellshock exploit

PoC: Shellshock_vuln_Exploit

CVE-2014-6271(RCE) poc Exploit

PoC: CVE-2014-6271

Shellshock Vulnerability Scanner

PoC: CVE-2014-6271-SHELLSHOCK

Vulnerability Exploitation

PoC: CVE-2014-6271

Projet de présentation d'une CVE (ShellShock) avec pdf, démonstration technique et reproductible

PoC: CVE-2014-6271-EXPLOIT

A PoC exploit for CVE-2014-6271 - Shellshock

PoC: shellshock

Shelly is a lightweight and efficient vulnerability scanner designed to identify and mitigate Shellshock (CVE-2014-6271 & CVE-2014-7169) vulnerabilities in Bash environments.

PoC: shellshock

Python3 Shellshock (CVE-2014-6271) Scanner

PoC: Shellshock

Shellshock exploit (CVE-2014-6271)

PoC: CVE-2014-6271

EXPLOIT FOR CVE-2014-6271

PoC: CVE-2014-6271

Shellshock vulnerability reverse shell

PoC: CVE-2014-6271-Shellshock-Vulnerability-vazft

Shellshock is a vulnerability that allows systems containing a vulnerable version of Bash to be exploited to execute commands with higher privileges. This allows attackers to potentially take over that system. In the demo, we will learn how to detect and exploit such vulnerabilities in a given target.

PoC: CVE-2014-6271-Shellshock-Vulnerability

Shellshock is a vulnerability that allows systems containing a vulnerable version of Bash to be exploited to execute commands with higher privileges. This allows attackers to potentially take over that system. In the demo, we will learn how to detect and exploit such vulnerabilities in a given target.

PoC: -CVE-2014-6271-Shellshock-Remote-Command-Injection-

[CVE-2014-6271] Apache Shellshock Remote Command Injection tool for quick reverse shell and file browsing

PoC: PenTesting

### **Awesome Penetration Testing** [![Links Check](https://4.bp.blogspot.com/-_NIGc5XKpSw/WHt9d7wCXaI/AAAAAAAAB0o/OYIv8EWjIoYh44jfxIRSrRYbgrn3MZKEQCLcB/s1600/penetration%2Btesting.png)](http://kalitut.com) [![10 Common Hacking Techniques](http://img.youtube.com/vi/V3CTfJ2ZP7M/0.jpg)](http://www.youtube.com/watch?v=V3CTfJ2ZP7M "10 Common Hacking Techniques") A collection of awesome penetration testing resources - [Online Resources](#online-resources) - [Penetration Testing Resources](#penetration-testin

PoC: shellshock-victim-host

A docker container vulnerable to Shellshock - CVE-2014-6271

PoC: shellshock.sh

Tested in HackTheBox - Shocker (Easy) CVE-2014-6271

PoC: CVE-2014-6271

ShellShock interactive-shell exploit

PoC: shellshock

CVE-2014-6271 Shellshock

PoC: ShellShock

Local and Remote scan for shellshock vulnerability for Bash versions lower than 4.3.* [CVE-2014-6271].

PoC: ShellShock

A python script intended to automate cgi-bin based exploitation of the ShellSchock vulnerability (CVE-2014-6271)

PoC: CVE-2014-6271-Shellshock-

This is an individual assignment for secure network programming

PoC: Shell-Shock

*CVE-2014-6271* Unix Arbitrary Code Execution Exploit commonly know as Shell Shock. Examples, Docs, Incident Response and Vulnerability/Risk Assessment, and Additional Resources may be dumped here. Enjoy :) --- somhmxxghoul ---

PoC: bash-shellshock

cve-2014-6271

PoC: cve-2014-6271

cve-2014-6271

PoC: CVE-2014-6271

CS4238 Computer Security Practices

PoC: shellshock-shell

A simple python shell-like exploit for the Shellschok CVE-2014-6271 bug.

PoC: cve-2014-6271-huan-lu

reading course

PoC: cve-2014-6271-mengjia-kong

system reading course

PoC: shellshock_crawler

Using google to scan sites for "ShellShock" (CVE-2014-6271)

PoC: shellshock_crawler

Using google to scan sites for "ShellShock" (CVE-2014-6271)

PoC: debian-lenny-bash_3.2.52-cve-2014-6271

Debian Lenny Bash packages with cve-2014-6271 patches (i386 and amd64)

PoC: bash-fix-exploit

Ansible role to check the CVE-2014-6271 vulnerability

PoC: CVE-2014-6271

scaner for cve-2014-6271

PoC: vagrant-shellshock

CVE-2014-6271の検証用Vagrantfileです

PoC: Nessus_CVE-2014-6271_check

Quick and dirty nessus .audit file to check is bash is vulnerable to CVE-2014-6271

PoC: bash-up

a auto script to fix CVE-2014-6271 bash vulnerability

PoC: cookbook-bash-CVE-2014-6271

Chef cookbook that will fail if bash vulnerability found per CVE-2014-6271

PoC: patched-bash-4.3

patched-bash-4.3 for CVE-2014-6271

PoC: bash-cve-2014-6271-fixes

Collected fixes for bash CVE-2014-6271

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free