ShellShock

@dotcppfile dotcppfile released this 12 Feb 13:56
· 41 commits to master since this release

Updates

1. Thanks to Starfall's Exploit and to Dyme, who shared his part of it in a Pull Request, DAws now supports the usage of CVE-2014-6271 (ShellShock). It's currently based on exploiting a mail server, but we've been working on going after CGI scripts, and since we've already started it (you can find the code, commented, on line 773) we will finish it and append it as well, so there will be 2 methods ready to be used. We will be upgrading both with the following exploits in the near future.
2. As promised, the CGI Batch Script has been fixed; it supports base64 encoding now and works perfectly. It's completely related to DAws so you do not have to worry about anything, and yes, we know that base64 isn't the best but we're gonna have to stick with it for now. Also, the CGI Batch Script's source has been released and you can find it here.
3. A huge bug was found in the `Directory Roaming Function`, for Windows, which wasn't getting the job done.
4. A huge bug was found in the PHP code related to dropping the CGI Batch Script.

And I guess that's it for today, let us know what happens; we're willing to update, upgrade, fix and do whatever is needed to keep DAws up and running properly.

Thanks for supporting the project,
dotcppfile and Aces.