POC详情: e816da57fc714f380efd57f0d72fcdd5a7ee581e

来源
https://github.com/sebr-dev/Havoc-C2-SSRF-to-RCE
关联漏洞
标题: Havoc 安全漏洞 (CVE-2024-41570)
描述:Havoc是Havoc Framework开源的一个现代且可扩展的开发后命令和控制框架。 Havoc 2 0.7版本存在安全漏洞,该漏洞源于demon回调处理中存在未经身份验证的服务端请求伪造漏洞,允许攻击者发送来自团队服务器的任意网络流量。
描述
This is a modified version of the CVE-2024-41570 SSRF PoC from @chebuya chained with the auth RCE PoC from @hyperreality. This exploit is made to execute code remotely due to multiple vulnerabilities on Havoc C2 Framework. (https://github.com/HavocFramework/Havoc)
介绍
# Havoc-C2-SSRF-to-RCE
This is a modified version of the CVE-2024-41570 SSRF PoC from [@chebuya](https://github.com/chebuya/Havoc-C2-SSRF-poc) chained with the auth RCE exploit from [@hyperreality](https://github.com/IncludeSecurity/c2-vulnerabilities/tree/main/havoc_auth_rce). This exploit executes code remotely to a target due to multiple vulnerabilities in [Havoc C2 Framework.](https://github.com/HavocFramework/Havoc)



https://github.com/user-attachments/assets/b75c5934-0326-4994-a695-c18bf95a1e25

<br>

```
usage: CVE-2024-41570.py [-h] -t TARGET -i IP -p PORT -U USERNAME -P PASSWORD [-A USER_AGENT] [-H HOSTNAME] [-d DOMAIN_NAME]
                         [-n PROCESS_NAME] [-ip INTERNAL_IP]

options:
  -h, --help            show this help message and exit
  -t TARGET, --target TARGET
                        The listener target in URL format
  -i IP, --ip IP        The IP to open the socket with
  -p PORT, --port PORT  The port to open the socket with
  -U USERNAME, --username USERNAME
                        The username for authentication
  -P PASSWORD, --password PASSWORD
                        The password for authentication
  -A USER_AGENT, --user-agent USER_AGENT
                        The User-Agent for the spoofed agent
  -H HOSTNAME, --hostname HOSTNAME
                        The hostname for the spoofed agent
  -d DOMAIN_NAME, --domain-name DOMAIN_NAME
                        The domain name for the spoofed agent
  -n PROCESS_NAME, --process-name PROCESS_NAME
                        The process name for the spoofed agent
  -ip INTERNAL_IP, --internal-ip INTERNAL_IP
                        The internal ip for the spoofed agent
```
文件快照

 [4.0K]  /data/pocs/e816da57fc714f380efd57f0d72fcdd5a7ee581e
├── [ 11K]  CVE-2024-41570.py
└── [1.6K]  README.md

0 directories, 2 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。