This script is a Proof of Concept (PoC) designed to test and exploit the CVE-2024-55591 vulnerability in vulnerable versions of FortiOS and FortiProxy. It bypasses authentication on Fortinet devices running vulnerable firmware, potentially allowing unauthorized access to sensitive management interfaces.
Warning: This PoC is intended for educational purposes and to demonstrate the exploitability of the CVE. It should only be used in a controlled environment with explicit permission from the target system's owner.
Affected Versions
FortiOS: v7.0.0 to v7.0.16
FortiProxy: v7.0.0 to v7.0.19, v7.2.0 to v7.2.12
For more information about this vulnerability, refer to the FortiGuard PSIRT advisory.
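A defender-side check built from the affected ranges listed above: it parses a FortiOS/FortiProxy version string and reports whether a device falls inside an affected range, so an inventory can be triaged for patching. This is an added example, not code from the PoC repository; the hostnames and version strings in the sample inventory are constructed.

```python
"""Triage an inventory of Fortinet devices against the CVE-2024-55591
affected ranges listed on this page (added example, not part of the PoC)."""
import re
from typing import Iterable, List, Optional, Tuple

Version = Tuple[int, int, int]

# Affected ranges exactly as stated above; both bounds are inclusive.
AFFECTED = {
    "FortiOS": [((7, 0, 0), (7, 0, 16))],
    "FortiProxy": [((7, 0, 0), (7, 0, 19)), ((7, 2, 0), (7, 2, 12))],
}

# Accepts "7.0.12", "v7.0.12" or "v7.0.12,build0523" (build suffix ignored).
_VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Version]:
    """Return (major, minor, patch) from a version string, or None if absent."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)


def is_affected(product: str, version: str) -> bool:
    """True if the parsed version lies inside an affected range for product.
    Unparseable versions or products not in AFFECTED yield False."""
    v = parse_version(version)
    if v is None:
        return False
    return any(lo <= v <= hi for lo, hi in AFFECTED.get(product, []))


def triage(inventory: Iterable[Tuple[str, str, str]]) -> List[str]:
    """inventory rows are (hostname, product, version); returns hostnames
    still running an affected build, for patch prioritisation."""
    return [host for host, product, ver in inventory if is_affected(product, ver)]


if __name__ == "__main__":
    # Constructed sample inventory; not real devices.
    sample = [
        ("fw-edge-01", "FortiOS", "v7.0.12,build0523"),
        ("fw-edge-02", "FortiOS", "v7.0.17"),
        ("proxy-01", "FortiProxy", "v7.2.12"),
        ("proxy-02", "FortiProxy", "v7.4.3"),
    ]
    for host in triage(sample):
        print(f"{host}: affected by CVE-2024-55591, schedule an upgrade")
```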
Prerequisites
The script requires the following Python libraries to be installed:
requests: A simple HTTP library to make requests to the target system.
urllib3: To handle SSL certificates and HTTP requests securely.
You can install these dependencies via pip:
pip install requests urllib3
Optional: WebSocket & SSL Handling
The script handles WebSocket connections for exploitation and optionally uses SSL to connect to the target system.
Usage
Clone the repository (or copy the script):
git clone https://github.com/rawtips/CVE-2024-55591.git
cd CVE-2024-55591
Run the exploit:
python3 exploit.py
The script will guide you through a series of prompts to gather input:
Target IP/Hostname: Enter the IP address or hostname of the target system.
Port: Enter the port to connect to (usually the management port, such as 443 for SSL).
SSL Option: Choose whether to use SSL (recommended for secure connections).
Command Selection: Choose an initial command to run on the target system after successful exploitation (e.g., get system info, execute reboot).
Post-Exploitation: Optionally run additional commands (e.g., diagnostic tools, shell access).
Exploitation Process:
The script will attempt to connect to the target system's management interface and exploit CVE-2024-55591 by bypassing the login mechanism.
Once connected, it will send the initial command and, if desired, execute post-exploitation commands.