June 3, 2026
Exploitation on Pen Tester VM
Know that i know this target open to shellshock vulnerability i will open Metasploit and find a exploit that will work on the VM.
Myles Corey
1 min read
By using the Shellshock vulnerability i used the Apache CGI exploit within Metasploit. Thich attack works by putting in bad commands into the headers which the server will executes.
Now to further prove I'm inside I execute the getuid command which confirmed that I established a secure connection as the pen tester user.