关联漏洞
标题:
Havoc 安全漏洞
(CVE-2024-41570)
描述:Havoc是Havoc Framework开源的一个现代且可扩展的开发后命令和控制框架。 Havoc 2 0.7版本存在安全漏洞,该漏洞源于demon回调处理中存在未经身份验证的服务端请求伪造漏洞,允许攻击者发送来自团队服务器的任意网络流量。
描述
This is a modified version of the CVE-2024-41570 SSRF PoC from @chebuya chained with the auth RCE PoC from @hyperreality. This exploit is made to execute code remotely due to multiple vulnerabilities on Havoc C2 Framework. (https://github.com/HavocFramework/Havoc)
介绍
# Havoc-C2-SSRF-to-RCE
This is a modified version of the CVE-2024-41570 SSRF PoC from [@chebuya](https://github.com/chebuya/Havoc-C2-SSRF-poc) chained with the auth RCE exploit from [@hyperreality](https://github.com/IncludeSecurity/c2-vulnerabilities/tree/main/havoc_auth_rce). This exploit executes code remotely to a target due to multiple vulnerabilities in [Havoc C2 Framework.](https://github.com/HavocFramework/Havoc)
https://github.com/user-attachments/assets/b75c5934-0326-4994-a695-c18bf95a1e25
<br>
```
usage: CVE-2024-41570.py [-h] -t TARGET -i IP -p PORT -U USERNAME -P PASSWORD [-A USER_AGENT] [-H HOSTNAME] [-d DOMAIN_NAME]
[-n PROCESS_NAME] [-ip INTERNAL_IP]
options:
-h, --help show this help message and exit
-t TARGET, --target TARGET
The listener target in URL format
-i IP, --ip IP The IP to open the socket with
-p PORT, --port PORT The port to open the socket with
-U USERNAME, --username USERNAME
The username for authentication
-P PASSWORD, --password PASSWORD
The password for authentication
-A USER_AGENT, --user-agent USER_AGENT
The User-Agent for the spoofed agent
-H HOSTNAME, --hostname HOSTNAME
The hostname for the spoofed agent
-d DOMAIN_NAME, --domain-name DOMAIN_NAME
The domain name for the spoofed agent
-n PROCESS_NAME, --process-name PROCESS_NAME
The process name for the spoofed agent
-ip INTERNAL_IP, --internal-ip INTERNAL_IP
The internal ip for the spoofed agent
```
文件快照
[4.0K] /data/pocs/e816da57fc714f380efd57f0d72fcdd5a7ee581e
├── [ 11K] CVE-2024-41570.py
└── [1.6K] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。