POC details: 0c249a57015c3b65e5faca898b2287c68eb8fbee

Source
Related vulnerability
Title: Palo Alto Networks PAN-OS command injection vulnerability (CVE-2024-3400)
Description: Palo Alto Networks PAN-OS is a next-generation firewall operating system from the US company Palo Alto Networks. PAN-OS 10.2, 11.0 and 11.1 contain a command injection vulnerability in the GlobalProtect feature that may allow an unauthenticated attacker to execute arbitrary code on the firewall with root privileges.
Introduction
# CVE-2024-3400 Exploit Tool 🛠️

This Python script is designed to assess and potentially exploit CVE-2024-3400, a Remote Code Execution (RCE) vulnerability in affected Palo Alto Networks PAN-OS devices. The script uses directory traversal either to execute arbitrary code remotely or simply to identify vulnerable devices.

## Why Disclose A Weaponized Exploit?

Despite submissions to bug bounty programs, where this vulnerability was often classified as "informative," I've chosen to disclose this exploit script publicly. The classification as "informative" frequently undermines the potential impact such vulnerabilities can carry.

This disclosure is not just about showcasing a security flaw but emphasizing the need for a redefined approach to how vulnerabilities are perceived and handled by organizations.

## Features 🌟

- **Single URL Testing:** Targeted testing of a specific device with reverse shell capability.
- **Bulk Scanning:** Efficiently scan multiple URLs from a file to identify vulnerable devices without attempting to open a reverse shell.
- **Verbose Output:** Provides detailed logs and output customization for deeper insight into the scan results.

## Requirements 📋

- Python 3.x
- External libraries: `requests`, `rich`, `pwncat-cs`, `alive_progress`
- Network access to the target device(s)

## Setup 🛠

1. **Install Python Dependencies:**
   ```bash
   pip install requests rich pwncat-cs alive_progress
   ```

2. **Clone the Repository:**
   ```bash
   git clone https://github.com/Chocapikk/CVE-2024-3400
   cd CVE-2024-3400
   ```

## Usage 🚀

1. **Single Target Exploitation:**
   ```bash
   python exploit.py -u <URL> -lh <LocalHost> -lp <LocalPort> -bp <BindPort>
   ```
   - `URL`: Target device URL.
   - `LocalHost`: Your machine's IP address to listen for reverse shell connections.
   - `LocalPort`: Port on your machine to listen for incoming connections.
   - `BindPort`: Optional; use if behind a service like ngrok.

2. **Bulk Scanning Mode:**
   ```bash
   python exploit.py -f <filename> -t <threads> -o <outputfile>
   ```
   - `filename`: File containing a list of URLs to test.
   - `threads`: Number of concurrent threads for scanning.
   - `outputfile`: File to write vulnerable URLs to.

## Output 📄

Results are logged directly to the console and, in bulk scanning mode, to a specified output file. Successful exploitations in single URL mode will provide verbose output indicating the vulnerable status and any additional error messages or connection details.

## Caution ⚠️

Use this tool responsibly. Ensure you have proper authorization before testing devices, as unauthorized testing is illegal and unethical.
File snapshot

```text
[4.0K] /data/pocs/0c249a57015c3b65e5faca898b2287c68eb8fbee
├── [8.6K] exploit.py
├── [ 172] openssl.cnf
├── [2.7K] README.md
├── [ 69] requirements.txt
└── [3.6K] scanner_oob.py

0 directories, 5 files
```