Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-21887 PoC — Ivanti Connect Secure 命令注入漏洞

Source
https://github.com/pwniel/ivanti_shell
Associated Vulnerability
Title:Ivanti Connect Secure 命令注入漏洞 (CVE-2024-21887)
Description:Ivanti Connect Secure是美国Ivanti公司的安全远程网络连接工具。 Ivanti Connect Secure 9.x、22.x系列版本、 Ivanti Policy Secure 9.x、22.x系列版本存在命令注入漏洞,该漏洞源于Web 组件中存在命令注入,允许经过身份验证的管理员发送特制请求并在设备上执行任意命令。
Description
CVE-2024-21887 Exploitation with Ngrok Reverse Shell
Readme
# CVE-2024-21887 Exploitation with Ngrok Reverse Shell

This repository provides a Python script designed to demonstrate the exploitation of the CVE-2024-21887 vulnerability in Ivanti Connect Secure gateways. It utilizes Ngrok to establish a reverse shell for educational and ethical testing purposes.
Disclaimer

The tools and scripts provided are for educational and ethical testing purposes only. Unauthorized testing, exploitation, or use of this script on systems without explicit permission is strictly prohibited and potentially illegal. Always obtain permission before conducting any security assessments.
Prerequisites

Before you begin, ensure you have the following:

Python 3.x installed on your system.
Ngrok account and Ngrok installed. Sign up for free if you haven't already.
requests and pyngrok Python libraries. They will be installed as part of the setup process.

## Setup

Clone the Repo

    git clone https://github.com/pwniel/ivanti_shell.git
    cd cve-2024-21887-ngrok-reverse-shell


Install Dependencies:

Use pip to install the required Python libraries:


    pip install -r requirements.txt

## Ngrok Configuration:

After signing up for Ngrok, download and install the Ngrok client from the official website.

Connect your Ngrok account by following the instructions provided in the Ngrok setup guide, which typically involves running a command similar to:



    ngrok authtoken <your_auth_token>

    Replace <your_auth_token> with the token from your Ngrok dashboard.

## Usage

Start the Script:

Run the script with the target Ivanti host as an argument:

    

    python ivanti_shell.py https://target_ivanti_host

Replace https://target_ivanti_host with the actual host you have permission to test.

Interact with the Reverse Shell:

If the exploitation is successful and the reverse shell is established, you will have command line access to the target system through the Ngrok tunnel.
File Snapshot

 [4.0K]  /data/pocs/c667735aaf4efd1dd35a3bd95ded43a01ba71878
├── [2.1K]  ivanti_shell.py
├── [1.9K]  README.md
└── [  17]  requirements.txt

1 directory, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.