This module runs a DHCP server. When requests (DHCPREQUEST or DHCPDISCOVER) are received, it will respond with an offer according to the given configuration, and it will include a string leveraging the GNU Bash Environment Variables Injection vulnerability into the DHCP's 'default-url' option to register a crond script, that'll subsequently download and execute an Impact agent, using the target system's wget. The injection will be tried once per MAC. Keep in mind that a successful attack requires that the attacked hosts have connectivity to Impact's web server after the attack -which might set new network settings in the target-, so consider changing the source agent for the web server module if you're attacking from an agent different from /localagent. Also, if the source agent has multiple network interfaces listed, select the appropriate one for the network you're attacking. If the agent is running in a host with more than one network interface, be sure to select the appropriate one so the module receives and responds in the correct network. This module requires that the pcap plugin be installed.
CVE Link
Exploit Platform
Product Name