关联漏洞
标题:Havoc 安全漏洞 (CVE-2024-41570)Description:Havoc是Havoc Framework开源的一个现代且可扩展的开发后命令和控制框架。 Havoc 2 0.7版本存在安全漏洞,该漏洞源于demon回调处理中存在未经身份验证的服务端请求伪造漏洞,允许攻击者发送来自团队服务器的任意网络流量。
Description
CVE-2024-41570: Havoc C2 0.7 Teamserver SSRF exploit
介绍
# CVE-2024-41570: Havoc-C2-SSRF-poc
This exploit works by spoofing a demon agent registration and checkins to open a TCP socket on the teamserver and read/write data from it. This allows attackers to leak origin IPs of teamservers and much more.
Full analysis: https://blog.chebuya.com/posts/server-side-request-forgery-on-havoc-c2/
https://github.com/user-attachments/assets/9ab99915-8a8c-4bbd-b762-00280a23703c
```
usage: exploit.py [-h] -t TARGET -i IP -p PORT [-A USER_AGENT] [-H HOSTNAME] [-u USERNAME] [-d DOMAIN_NAME]
[-n PROCESS_NAME] [-ip INTERNAL_IP]
options:
-h, --help show this help message and exit
-t TARGET, --target TARGET
The listener target in URL format
-i IP, --ip IP The IP to open the socket with
-p PORT, --port PORT The port to open the socket with
-A USER_AGENT, --user-agent USER_AGENT
The User Agent for the spoofed agent
-H HOSTNAME, --hostname HOSTNAME
The hostname for the spoofed agent
-u USERNAME, --username USERNAME
The username for the spoofed agent
-d DOMAIN_NAME, --domain-name DOMAIN_NAME
The domain name for the spoofed agent
-n PROCESS_NAME, --process-name PROCESS_NAME
The process name for the spoofed agent
-ip INTERNAL_IP, --internal-ip INTERNAL_IP
The internal ip for the spoofed agent
```
文件快照
[4.0K] /data/pocs/3771af574731f24eaa520c1e4b73900536789115
├── [7.9K] exploit.py
└── [1.4K] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。