· 15 min easy Linux Shocker
HTB: Shocker
A CGI bash script on Apache 2.4.18 is vulnerable to Shellshock (CVE-2014-6271), yielding RCE via a crafted User-Agent header. A sudo NOPASSWD entry for Perl completes the path to root. The real challenge is handling stdout pollution in CGI context.
#htb
#linux
#shellshock
#cgi +2