As a penetration tester, the best outcome of any given exploit is to achieve remote code execution. However, there are cases in which we might just want to determine if a remote code execution vulnerability is exploitable but don't want to actually follow through the entire exploitation and post-exploitation process. One way to do this is to create a web server that will log interaction and use a given exploit to execute code that would cause the remote host to interact with the web server. This recipe will demonstrate how to write a custom script for validating remote code execution vulnerabilities with HTTP traffic.
To validate vulnerabilities using HTTP interaction, you will need to have a system that is running software with a remote code execution vulnerability. Additionally, this section will require a script to be written to the filesystem by using a text editor such as VIM or Nano. For more information on writing scripts...