Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Sonicwall SSLVPN - Remote Code Execution (ShellShock)

By kannthu

Vidoc logoVidoc Module

What is the "Sonicwall SSLVPN - Remote Code Execution (ShellShock)" module?

The "Sonicwall SSLVPN - Remote Code Execution (ShellShock)" module is designed to detect a critical vulnerability in Sonicwall SSLVPN. This vulnerability, known as "ShellShock," allows remote unauthenticated attackers to execute arbitrary commands on the target system. The severity of this vulnerability is classified as critical.

This module was authored by PR3R00T.


If exploited, the "Sonicwall SSLVPN - Remote Code Execution (ShellShock)" vulnerability can lead to unauthorized remote code execution on the affected system. This can result in the compromise of sensitive data, unauthorized access, and potential system compromise.

How does the module work?

The module works by sending a specific HTTP request to the target system. The request is designed to exploit the ShellShock vulnerability in Sonicwall SSLVPN. The module then checks for specific matching conditions to determine if the vulnerability is present.

Here is an example of the HTTP request:

GET /cgi-bin/ HTTP/1.1
Host: <Hostname>
User-Agent: "() { :; }; echo ; /bin/bash -c 'cat /etc/passwd'"
Accept: */*

The module includes two matching conditions:

- The first condition checks the response body for the presence of the "root:.*:0:0:" pattern, indicating a successful exploitation of the vulnerability. - The second condition checks the HTTP response status code, expecting a 200 status code to confirm the vulnerability.

If both conditions are met, the module reports the presence of the vulnerability.

Module preview

Concurrent Requests (1)
1. HTTP Request template
Raw request
Matching conditions
regex: root:.*:0:0:and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability