## https://sploitus.com/exploit?id=29C3F2E9-43AA-5F0F-98C3-237B4889A97A
https://github.com/chebuya/CVE-2024-30850-chaos-rat-rce-poc/assets/146861503/ac03c8c7-54b3-4280-9f29-719c44af5192
# CHAOS RAT v5.01 web panel RCE (CVE-2024-30850, CVE-2024-31839)
https://github.com/tiagorlampert/CHAOS <br>
This exploit works by spoofing an agent callback for an XSS (CVE-2024-31839), and leveraging the XSS to exploit a command injection vulnerability (CVE-2024-30850) in the admin web panel. This leads to compromise of the RAT server and rickrolling of RAT panel operators.
Full explanation: https://blog.chebuya.com/posts/remote-code-execution-on-chaos-rat-via-spoofed-agents/ <br>
```
python3 exploit.py exploit -h
usage: exploit.py exploit [-h] [-f FILE] [-t TARGET] [-c COMMAND] [-v VIDEO_NAME] [-j JWT] -l LOCAL_IP [-p LOCAL_PORT] [-H HOSTNAME] [-u USERNAME] [-o OS]
                          [-m MAC] [-i IP]

options:
  -h, --help            show this help message and exit
  -f FILE, --file FILE  The path to the CHAOS client
  -t TARGET, --target TARGET
                        The url of the CHAOS server (127.0.0.1:8080)
  -c COMMAND, --command COMMAND
                        The command to use
  -v VIDEO_NAME, --video-name VIDEO_NAME
                        The video name to use
  -j JWT, --jwt JWT     The JWT token to use
  -l LOCAL_IP, --local-ip LOCAL_IP
                        The local IP to use for serving bash script and mp4
  -p LOCAL_PORT, --local-port LOCAL_PORT
                        The local port to use for serving bash script and mp4
  -H HOSTNAME, --hostname HOSTNAME
                        The hostname to use for the spoofed client
  -u USERNAME, --username USERNAME
                        The username to use for the spoofed client
  -o OS, --os OS        The OS to use for the spoofed client
  -m MAC, --mac MAC     The MAC address to use for the spoofed client
  -i IP, --ip IP        The IP address to use for the spoofed client
```
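The first stage of the chain relies on the panel trusting what an agent reports about itself. The following Go code is an added example, not code from CHAOS or from this PoC: it treats the spoofable fields listed above (hostname, username, OS, MAC, IP) as untrusted by validating them on receipt and HTML-escaping them on render. The `Device` type, the accepted OS values and the table-row layout are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"html"
	"net"
	"regexp"
	"strings"
)

// Device holds the self-reported fields of an agent callback (the fields the
// PoC's -H/-u/-o/-m/-i options spoof). Hypothetical type, not CHAOS's own.
type Device struct{ Hostname, Username, OS, MAC, IP string }

var (
	hostnameRe = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9.-]{0,62}$`)
	usernameRe = regexp.MustCompile(`^[A-Za-z0-9._\\-]{1,64}$`)
	knownOS    = map[string]bool{"windows": true, "linux": true, "darwin": true} // assumed value set
)

// Validate returns the names of fields that fail a strict allow-list check.
func Validate(d Device) []string {
	var bad []string
	if !hostnameRe.MatchString(d.Hostname) {
		bad = append(bad, "hostname")
	}
	if !usernameRe.MatchString(d.Username) {
		bad = append(bad, "username")
	}
	if !knownOS[strings.ToLower(d.OS)] {
		bad = append(bad, "os")
	}
	if _, err := net.ParseMAC(d.MAC); err != nil {
		bad = append(bad, "mac")
	}
	if net.ParseIP(d.IP) == nil {
		bad = append(bad, "ip")
	}
	return bad
}

// RenderRow HTML-escapes every field, so a value that slipped past validation
// is still displayed as text instead of being parsed as markup.
func RenderRow(d Device) string {
	cells := []string{d.Hostname, d.Username, d.OS, d.MAC, d.IP}
	for i, c := range cells {
		cells[i] = "<td>" + html.EscapeString(c) + "</td>"
	}
	return "<tr>" + strings.Join(cells, "") + "</tr>"
}

func main() {
	// Constructed sample: a callback whose OS field carries markup.
	d := Device{"ws-01", `CORP\alice`, "<b>Linux</b>", "00:1a:2b:3c:4d:5e", "10.0.0.7"}
	fmt.Println(Validate(d), RenderRow(d))
}
```

Validation and output encoding are independent layers: rejecting a malformed callback keeps it out of the database, and escaping at render time covers any field whose allow-list turns out to be too loose.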
![oopsec](https://github.com/chebuya/CVE-2024-30850-chaos-rat-rce-poc/assets/146861503/25835d48-d967-495a-8e84-756153a82246)