This is a tool that uses an exploit called CVE-2013-2028 to excecute a bind shell on the target server that's running Nginx 1.3.9 or 1.4.0. It can be downloaded here (you will need to run it from the command line) Usage: nginxhack [target] [target port] [target bind port]