MCPcopy Index your code
hub / github.com/W01fh4cker/ScreenConnect-AuthBypass-RCE

github.com/W01fh4cker/ScreenConnect-AuthBypass-RCE @main

Chat with this repo
repository ↗ · DeepWiki ↗ · + Follow
16 symbols 58 edges 3 files 0 documented · 0%
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

How to use

I'm using Python3.9

pip install requests
# python check.py
python batchAdduser.py

python ScreenConnect-AuthBypass-RCE.py -h

usage: ScreenConnect-AuthBypass-RCE.py [-h] [-u USERNAME] [-p PASSWORD] -t TARGET [-d DOMAIN] [--proxy PROXY]

CVE-2024-1708 && CVE-2024-1709 --> RCE!!!                                                                    

optional arguments:                                                                                          
  -h, --help            show this help message and exit                                                      
  -u USERNAME, --username USERNAME                                                                           
                        username you want to add                                                             
  -p PASSWORD, --password PASSWORD
                        password you want to add
  -t TARGET, --target TARGET
                        target url
  -d DOMAIN, --domain DOMAIN
                        Description of domain
  --proxy PROXY         eg: http://127.0.0.1:8080

For example:

python ScreenConnect-AuthBypass-RCE.py -t http://192.168.9.100

Bug?NO!

When you encounter the following situation, it indicates that the site cannot be RCE through this script.

The specific reasons can be found at:

https://screenconnect.product.connectwise.com/communities/1/topics/1653-whitelist-custom-extensions-in-65

https://bishopfox.com/blog/connectwise-control-advisory

https://www.connectwise.com/globalassets/media/documents/connectwisecontrolsecurityevaluationmatrix.pdf

If you can get a legal signature, please file issues, thank you very much.

Cyberspace mapping statement

Odin

services.modules.http.headers.server:"screenconnect"

Zoomeye

app:"ScreenConnect Remote Management Software"

Censys

services.http.response.headers:(key: `Server` and value.headers: `ScreenConnect`)

Shodan

"Server: ScreenConnect"

Hunter.how

product.name="ConnectWise ScreenConnect software"

Fofa

app="ScreenConnect-Remote-Support-Software"

Reference

https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8

https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc

https://github.com/rapid7/metasploit-framework/pull/18870

Core symbols most depended-on inside this repo

rand_text_alpha_lower
called by 4
ScreenConnect-AuthBypass-RCE.py
DeleteExtension
called by 3
ScreenConnect-AuthBypass-RCE.py
rand_text_alpha
called by 2
ScreenConnect-AuthBypass-RCE.py
GetAntiForgeryToken
called by 2
ScreenConnect-AuthBypass-RCE.py
main
called by 1
check.py
checkVersion
called by 1
batchAdduser.py
main
called by 1
batchAdduser.py
rand_text_hex
called by 1
ScreenConnect-AuthBypass-RCE.py

Shape

Function 16

Languages

Python100%

Modules by API surface

ScreenConnect-AuthBypass-RCE.py11 symbols
batchAdduser.py3 symbols
check.py2 symbols

For agents

$ claude mcp add ScreenConnect-AuthBypass-RCE \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact