Arbitrary File Read in Check Point Security Gateways
CVE-2024-24919 is a vulnerability in Check Point Security Gateway products, including Quantum Security Gateways, CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, and Quantum Spark Appliances. Public reporting and researcher analysis indicate the issue is a path traversal flaw that can be exploited to perform arbitrary file reads from the underlying filesystem. Because the affected service runs as root, successful exploitation can allow reading files broadly from the device filesystem. Check Point initially described the issue as information disclosure, but multiple sources characterize the root cause as path traversal leading to unauthorized access to sensitive files.
The vulnerability is reachable when the gateway is internet-connected and Remote Access VPN or Mobile Access Software Blades are enabled. Exploitation does not require authentication, and public proof-of-concept exploit code was released shortly after disclosure. Observed attacker interest included attempts to retrieve files such as /etc/passwd, /etc/shadow, configuration files, and other sensitive directories. Check Point and third-party reporting also note that exposed information may include credentials for local accounts on the VPN device.
Impact, mitigation & remediation
What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.
Impact
What an attacker gets, and what they’ve been doing with it.
Mitigation
If you can’t patch tonight, do this now.
Remediation
Patch, then assume compromise.
Exploits
15 valid exploits after Mallory filtered fakes, detection scripts, and README-only repos (13 hidden).
Repository contains a single Python proof-of-concept exploit for CVE-2024-24919 (Check Point information disclosure / arbitrary file read). Structure: (1) CVE-2024-24919.py: interactive CLI that accepts a single IP or a file of IPs plus a port, then sends HTTPS POST requests to the fixed endpoint /clients/MyCRL with a crafted traversal string in the POST body (prefix 'aCSHELL/' followed by many '../') to retrieve sensitive files; prints response text on success and status/errors otherwise; TLS certificate verification is disabled. (2) README.md: describes the vulnerability, affected products, and basic run instructions. (3) requirements.txt: depends only on the 'requests' library. No post-exploitation (no RCE, no shell) is implemented—capability is limited to unauthenticated file disclosure of predefined paths (or all of them via menu option).
This repository contains a Python-based exploit script targeting CVE-2024-24919, a path traversal vulnerability in Check Point Security Gateway devices. The exploit (eploit.py) reads a list of target URLs from a file and attempts to retrieve sensitive files (by default /etc/shadow) from each target by sending a crafted POST request to the /clients/MyCRL endpoint. The script uses custom HTTP headers to mimic legitimate browser traffic and checks the response for evidence of successful exploitation (e.g., presence of 'root:' or 'nobody:' in the response). Results are displayed in the terminal and logged to a local file (hasil_scan.txt). The repository also includes a README.md with usage instructions, dependencies, and a description of the vulnerability. The exploit is operational, providing real file exfiltration if the target is vulnerable, and is intended for security testing and educational purposes only.
This repository provides a proof-of-concept exploit for CVE-2024-24919, a critical path traversal vulnerability in Check Point SVN. The main file, CVE-2024-24919.py, is a Python script that reads a list of target IPs/domains from 'domain-IP.txt' and attempts to exploit each by sending a crafted POST request to the '/clients/MyCRL' endpoint over HTTPS. The exploit leverages path traversal in the request body to read arbitrary files from the target system, defaulting to '/etc/passwd' to confirm vulnerability. The script interacts with the user to optionally display the response or attempt to read different files. The repository structure is simple, containing the exploit script and a README with usage instructions and background on the vulnerability. No weaponized or automated post-exploitation payloads are present; the exploit is a functional PoC for file read.
This repository provides a two-stage exploit toolkit for CVE-2024-24919, a path traversal vulnerability affecting Check Point VPN devices. The first script (1-CVE-2024-24919-Shodan-Search.py) uses the Shodan API to search for potentially vulnerable devices on the internet by querying for a specific favicon hash associated with Check Point VPN endpoints. It outputs a list of target IP addresses (as HTTPS URLs) to a file (default: target.txt). The second script (2-CVE-2024-24919-PoC.py) is a proof-of-concept exploit that reads the list of targets and attempts to exploit the path traversal vulnerability by sending a crafted POST request to the '/clients/MyCRL' endpoint on each device. The payload attempts to read the '/etc/passwd' file from the target system. If the response contains typical Linux user entries (e.g., 'root:', 'nobody:'), the script reports the target as vulnerable and can display the full response in verbose mode. The repository includes a README with usage instructions and a requirements.txt specifying dependencies (requests, shodan). The overall structure is clear and modular, separating target discovery from exploitation. No hardcoded endpoints are present beyond the targeted path and endpoint. The exploit is a functional proof-of-concept and does not include weaponized or post-exploitation features.
This repository contains a Python exploit script (cve-2024-24919-sniper.py) and a README.md. The script targets CVE-2024-24919, an information disclosure vulnerability in Check Point Security Gateway devices. It allows an attacker to read arbitrary files from the target system by sending a crafted POST request to the '/clients/MyCRL' endpoint, exploiting a directory traversal flaw. The default file targeted is '/etc/passwd', but any file path can be specified. The script supports both single-target and bulk scanning (from a file), uses multithreading for efficiency, and outputs results to a CSV file ('sniper-out.csv'). The README provides detailed usage instructions, command-line options, and example commands. The exploit is operational and can be used to confirm and demonstrate the vulnerability on accessible Check Point Security Gateway devices.
This repository provides an operational exploit and scanner for CVE-2024-24919, an unauthenticated arbitrary file read vulnerability affecting multiple Check Point products. The repository contains three files: README.md (documentation and usage instructions), exploit.py (the main exploit script), and scanner.py (a vulnerability scanner). Both Python scripts target the /clients/MyCRL endpoint on the victim appliance via HTTPS, using a crafted POST request with a path traversal payload to access sensitive files. The exploit.py script, upon confirming vulnerability, can extract and locally save files such as /etc/passwd, /etc/shadow, /root/.ssh/id_rsa, /etc/hostname, and /etc/hosts. The scanner.py script simply checks for vulnerability by attempting to read /etc/passwd. The exploit is network-based, requires no authentication, and is effective against a wide range of Check Point appliances running affected versions. The code is straightforward, operational, and suitable for red team or penetration testing use.
This repository provides proof-of-concept (PoC) exploit scripts for CVE-2024-24919, a path traversal vulnerability in Check Point SSL Network Extender. The repository contains two main exploit scripts: a Bash script (CVE-2024-24919-scan.sh) and a Python script (python/CVE-2024-24919.py). Both scripts target the '/clients/MyCRL' endpoint on a Check Point SSL Network Extender appliance over HTTPS, sending a specially crafted POST request with a path traversal payload (defaulting to '/etc/passwd'). The Bash script is designed for batch scanning multiple IPs from a file, while the Python script allows specifying a single target and an arbitrary file path. The repository also includes README files with usage instructions and search queries for identifying potential targets. The exploit demonstrates the ability to read arbitrary files from vulnerable systems, confirming the presence of the vulnerability.
This repository contains a Python proof-of-concept exploit for CVE-2024-24919, a directory traversal vulnerability affecting Check Point Security Gateways with Remote Access VPN or Mobile Access Software Blades enabled. The main script, CVE-2024-24919.py, takes a list of target URLs and attempts to exploit the vulnerability by sending crafted POST requests to the '/clients/MyCRL' endpoint, using directory traversal payloads to access sensitive files such as /etc/passwd and /etc/shadow. If successful, the contents of these files are saved locally for further analysis, such as password cracking. The repository also includes a README with usage instructions and context about the vulnerability, and a LICENSE file. The exploit is network-based, requires the target to be internet-accessible, and is intended for security testing and research purposes.
This repository provides a Python exploit for CVE-2024-24919, a critical information disclosure vulnerability in Check Point Security Gateway devices. The main script, CVE-2024-24919.py, allows an attacker to send crafted POST requests to the /clients/MyCRL endpoint on a target device, exploiting a path traversal vulnerability to read arbitrary files from the system. The tool supports both single-target and multi-target scanning, with a predefined list of sensitive files (such as /etc/passwd, /etc/shadow, SSH keys, and configuration files) that it attempts to retrieve. The exploit is operational and can be used to exfiltrate sensitive data from vulnerable devices. The repository also includes a README.md with usage instructions and a requirements.txt listing Python dependencies. No detection-only scripts or fake exploit code are present; the code is a functional exploit for the specified CVE.
This repository is a Proof-of-Concept (PoC) exploit for CVE-2024-24919, a critical unauthenticated file read vulnerability affecting Check Point Security Gateways with Remote Access VPN or Mobile Access Software Blades enabled. The repository contains three files: a README.md with detailed usage instructions and background, a Python exploit script (exploit.py), and a requirements.txt listing dependencies. The exploit script allows the user to specify a single target IP or a file containing multiple IPs. For each target, it sends a crafted POST request to the '/clients/MyCRL' endpoint over HTTPS, attempting to exploit a path traversal vulnerability to read the '/etc/shadow' file. The script prints or saves the server's response, which, if successful, contains the contents of the targeted file. The exploit demonstrates the vulnerability by reading sensitive files, but does not provide post-exploitation capabilities. The code is straightforward, does not use any exploitation framework, and is intended for educational and testing purposes only.
This repository contains a Python proof-of-concept exploit for CVE-2024-24919, a path traversal vulnerability in Check Point Security Gateway/VPN products. The main script, CVE-2024-24919.py, takes a list of target IP addresses or hostnames and attempts to exploit each by sending a crafted POST request to the '/clients/MyCRL' endpoint over HTTPS. The payload leverages directory traversal to read arbitrary files from the target system, such as '/etc/shadow' or SSH private keys. Results are written to an output file, including the contents of any files successfully read. The exploit is multithreaded for efficiency and includes progress reporting via tqdm. The README provides usage instructions, example output, and guidance for identifying targets using Shodan. No detection-only scripts are present; the code is a functional exploit. The repository is structured simply, with one main exploit script, a README, and a license file.
This repository provides a Python proof-of-concept exploit for CVE-2024-24919, a directory traversal vulnerability affecting Check Point SSL Network Extender. The main file, CVE-2024-24919.py, sends a crafted POST request to the /clients/MyCRL endpoint on a target device, exploiting a path traversal flaw to read arbitrary files (default: /etc/passwd). The exploit requires the target's IP address and optionally a file path. The repository includes a README with usage instructions and a requirements.txt specifying the 'requests' library. The attack vector is network-based, targeting accessible Check Point devices over HTTPS. No detection or fake code is present; the exploit is functional and focused on file disclosure.
This repository provides an operational exploit for CVE-2024-24919, a path traversal vulnerability in Check Point VPN Gateway. The main file, exploit.py, is a Python script that allows users to test single or multiple targets for the vulnerability and exploit it to read arbitrary files from the target system (defaulting to /etc/passwd). The script uses asynchronous HTTP POST requests to the /clients/MyCRL endpoint, sending a path traversal payload to access files outside the intended directory. The tool supports proxying, multithreading, and output to file. The README provides detailed usage instructions and sample output, including evidence of successful exploitation. The requirements.txt lists necessary Python dependencies. No hardcoded IPs or domains are present, but the README gives examples of vulnerable endpoints and suggests using a separate tool (ShodanX) to discover targets. The exploit is not part of a framework and is a standalone operational tool.
This repository contains a proof-of-concept Python exploit for CVE-2024-24919, a path traversal vulnerability affecting Check Point firewall devices. The main file, CVE-2024-24919.py, allows an attacker to send a crafted POST request to the '/clients/MyCRL' endpoint of a target device, exploiting the vulnerability to read arbitrary files from the system (defaulting to '/etc/passwd'). The script takes command-line arguments for the target URL and the file to retrieve. The README provides context and references a public disclosure article. The exploit is network-based and targets Check Point firewalls accessible over HTTP(S). The repository is structured simply, with one exploit script and a README.
This repository contains a proof-of-concept (POC) exploit for CVE-2024-24919, a vulnerability affecting Check Point appliances that allows unauthenticated remote attackers to read arbitrary files. The repository consists of a README.md describing the vulnerability and usage, and a Python script (exploit.py) that implements the exploit logic. The script takes a list of target URLs and optionally a custom file path to read. It sends a crafted POST request to the '/clients/MyCRL' endpoint on each target, exploiting a path traversal vulnerability to read files such as '/etc/shadow'. The exploit is unauthenticated and demonstrates the ability to disclose sensitive files from affected appliances. The code is straightforward, with clear entry points and usage instructions, and is intended for educational and ethical testing purposes only.
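The request pattern these summaries share (a POST to /clients/MyCRL whose body carries a traversal sequence, with passwd-style lines in the response as confirmation) can be turned into a triage check for captured HTTP transactions. This is an added detection example, not code from the page or from any listed repository; the record field names and sample records are constructed, and it assumes a proxy or sensor that logs request and response bodies.

```python
import re
from urllib.parse import unquote

ENDPOINT = "/clients/mycrl"                   # endpoint named in the summaries above (lowercased)
TRAVERSAL = re.compile(r"\.\.[/\\]")          # "../" or "..\" once decoded
PASSWD_LINE = re.compile(r"^(?:root|nobody):", re.MULTILINE)  # markers the PoCs check for
RANK = {"none": 0, "attempt": 1, "likely_read": 2}

def fully_decode(text, max_rounds=3):
    """Percent-decode repeatedly so a double-encoded '../' is still visible."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def classify(rec):
    """Return 'none', 'attempt' or 'likely_read' for one logged transaction."""
    path = fully_decode(rec.get("path", "").split("?", 1)[0]).rstrip("/").lower()
    if rec.get("method", "").upper() != "POST" or path != ENDPOINT:
        return "none"
    if not TRAVERSAL.search(fully_decode(rec.get("request_body", ""))):
        return "none"
    # Reads of files other than passwd/shadow stay 'attempt' and need manual review.
    if rec.get("status") == 200 and PASSWD_LINE.search(rec.get("response_body", "")):
        return "likely_read"
    return "attempt"

def worst_by_source(records):
    """Map each source address to its most severe verdict, skipping clean sources."""
    worst = {}
    for rec in records:
        verdict = classify(rec)
        if RANK[verdict] > RANK[worst.get(rec["src"], "none")]:
            worst[rec["src"]] = verdict
    return worst

# Constructed sample transactions (documentation address ranges), not real traffic.
SAMPLE = [
    {"src": "198.51.100.7", "method": "POST", "path": "/clients/MyCRL", "status": 200,
     "request_body": "aCSHELL/../../../../../../../etc/passwd",
     "response_body": "root:x:0:0:root:/root:/bin/bash\nnobody:x:99:99::/:/sbin/nologin\n"},
    {"src": "192.0.2.44", "method": "POST", "path": "/clients/MyCRL?x=1", "status": 404,
     "request_body": "aCSHELL/%252e%252e%252f%252e%252e%252fetc/shadow", "response_body": ""},
    {"src": "203.0.113.20", "method": "GET", "path": "/clients/MyCRL", "status": 200,
     "request_body": "", "response_body": ""},
    {"src": "203.0.113.21", "method": "POST", "path": "/clients/MyCRL", "status": 200,
     "request_body": "crl-request", "response_body": ""},
]

if __name__ == "__main__":
    print(worst_by_source(SAMPLE))
```

A `likely_read` verdict on /etc/shadow or /etc/passwd is the point at which the credentials for local accounts on the device should be treated as exposed.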
Affected products & vendors
Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.
Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.
Recent activity
24 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
A Check Point vulnerability whose knownRansomwareCampaignUse field in CISA KEV was silently flipped to Known during 2025 (evidence of ransomware campaign use).
An information disclosure vulnerability affecting Check Point Security Gateway devices that may have been exploited to obtain service account credentials after VPN access, enabling further lateral movement and deployment of ShadowPad.
A path traversal vulnerability in Check Point Quantum Security Gateways and CloudGuard Network Security that can lead to information disclosure.
A path traversal vulnerability in Check Point security gateways exploited by APT41 to gain initial access and deploy ShadowPad.