Giter VIP home page Giter VIP logo

cve-2024-3273's Introduction

๐Ÿ› ๏ธ CVE-2024-3273 Exploit Tool

๐ŸŒŸ Introduction

This script is a powerful exploitation tool for the CVE-2024-3273 vulnerability found in specific versions of D-Link NAS devices. It enables command execution and unauthorized access to the affected devices.

โš™๏ธ Installation

To set up the exploitation tool, follow these steps:

  1. Clone the repository:
git clone https://github.com/Chocapikk/CVE-2024-3273.git
  1. Navigate to the tool's directory:
cd CVE-2024-3273
  1. Install the required Python packages:
pip install -r requirements.txt

๐Ÿš€ Usage

To use the tool, run the script from the command line as follows:

python exploit.py [options]

Options

  • -u, --url: Specify the target URL or IP address.

  • -f, --file: Specify a file containing a list of URLs to scan.

  • -t, --threads: Set the number of threads for concurrent scanning.

  • -o, --output: Define an output file to save the scan results.

When a single URL is provided with the -u option and the target is vulnerable, the script will attempt to open an interactive shell.

Example

$ python3 exploit.py -u http://127.0.0.1
[+] Command executed successfully.
[!] http://127.0.0.1 is vulnerable to CVE-2024-3273: uid=0(root) gid=0(root)
[+] Opening interactive shell...
$ id
[+] Command executed successfully.
uid=0(root) gid=0(root)

๐Ÿ“Š Mass Scanning

For mass scanning, use the -f option with a file containing URLs. The tool will scan each URL and print concise results, indicating whether each target is vulnerable.

python exploit.py -f urls.txt

๐Ÿ—’๏ธ Affected Versions

The vulnerability affects the following versions of D-Link NAS devices:

  • DNS-320L Version 1.11, Version 1.03.0904.2013, Version 1.01.0702.2013
  • DNS-325 Version 1.01
  • DNS-327L Version 1.09, Version 1.00.0409.2013
  • DNS-340L Version 1.08

These systems are considered to be end-of-life (EOL), meaning they are no longer supported or receiving updates from the manufacturer. It is strongly recommended that these systems are no longer used.

๐Ÿ›ก๏ธ Disclaimer

Use this tool responsibly and ethically. Always obtain proper authorization before testing any system for vulnerabilities.

๐Ÿ‘ Acknowledgments

Special thanks to the researcher @netsecfish for their work in identifying this vulnerability.

cve-2024-3273's People

Contributors

chocapikk avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.