POC详情: 35ad841e240cf7c21e57c49adf2e2299e11ee7c4

来源
https://github.com/W01fh4cker/ScreenConnect-AuthBypass-RCE
关联漏洞
标题: ConnectWise ScreenConnect 安全漏洞 (CVE-2024-1709)
描述:ConnectWise ScreenConnect是ConnectWise公司的一种自托管远程桌面软件应用程序。 ConnectWise ScreenConnect 23.9.7及之前版本存在安全漏洞,该漏洞源于受到使用备用路径或通道绕过身份验证的影响,可能允许攻击者直接访问机密信息或关键系统。
描述
ScreenConnect AuthBypass(cve-2024-1709) --> RCE!!!
介绍
# How to use

I'm using `Python3.9`

```
pip install requests
# python check.py
python batchAdduser.py
```

![](https://github.com/W01fh4cker/ScreenConnect-AuthBypass-POC-EXP/assets/101872898/9f9be7be-d607-4fcf-97dc-2d8a4939db5e)

```text
python ScreenConnect-AuthBypass-RCE.py -h

usage: ScreenConnect-AuthBypass-RCE.py [-h] [-u USERNAME] [-p PASSWORD] -t TARGET [-d DOMAIN] [--proxy PROXY]
                                                                                                             
CVE-2024-1708 && CVE-2024-1709 --> RCE!!!                                                                    
                                                                                                             
optional arguments:                                                                                          
  -h, --help            show this help message and exit                                                      
  -u USERNAME, --username USERNAME                                                                           
                        username you want to add                                                             
  -p PASSWORD, --password PASSWORD
                        password you want to add
  -t TARGET, --target TARGET
                        target url
  -d DOMAIN, --domain DOMAIN
                        Description of domain
  --proxy PROXY         eg: http://127.0.0.1:8080
```
For example:
```shell
python ScreenConnect-AuthBypass-RCE.py -t http://192.168.9.100
```

![](https://github.com/W01fh4cker/ScreenConnect-AuthBypass-POC-EXP/assets/101872898/c6d6a60e-433f-4f80-807d-dc7bc061cb96)

# Bug?NO!

When you encounter the following situation, it indicates that the site cannot be RCE through this script.  

![](https://github.com/W01fh4cker/ScreenConnect-AuthBypass-RCE/assets/101872898/422f1228-d913-4296-9eea-9e0685489ad9)

The specific reasons can be found at:  

> https://screenconnect.product.connectwise.com/communities/1/topics/1653-whitelist-custom-extensions-in-65
>
> https://bishopfox.com/blog/connectwise-control-advisory
>
> https://www.connectwise.com/globalassets/media/documents/connectwisecontrolsecurityevaluationmatrix.pdf

![](https://github.com/W01fh4cker/ScreenConnect-AuthBypass-RCE/assets/101872898/379191d2-862f-4a02-876f-850a771c1ddf)

If you can get a legal signature, please file issues, thank you very much.

# Cyberspace mapping statement

## Odin

```
services.modules.http.headers.server:"screenconnect"
```

## Zoomeye
```
app:"ScreenConnect Remote Management Software"
```

## Censys

```
services.http.response.headers:(key: `Server` and value.headers: `ScreenConnect`)
```

## Shodan

```
"Server: ScreenConnect"
```

## Hunter.how

```
product.name="ConnectWise ScreenConnect software"
```

## Fofa

```
app="ScreenConnect-Remote-Support-Software"
```

# Reference

https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8

https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc  

https://github.com/rapid7/metasploit-framework/pull/18870
文件快照

 [4.0K]  /data/pocs/35ad841e240cf7c21e57c49adf2e2299e11ee7c4
├── [3.8K]  batchAdduser.py
├── [1.3K]  check.py
├── [3.0K]  README.md
└── [ 12K]  ScreenConnect-AuthBypass-RCE.py

0 directories, 4 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。