Exploiting CVE-2024-25641 on Cacti 1.2.26. When a user is authenticated, an arbitrary file write vulnerability allows Remote Code Execution (RCE).
This script automates the process of exploiting CVE-2024-25641 in Cacti 1.2.26. The vulnerability allows authenticated users with the Import Templates permission to achieve Remote Code Execution (RCE) via the Package Import feature.
π Original Advisory: GitHub Security Advisory
- β Fully Automated Exploitation: Simplifies the attack process.
- β‘ Flexible Targeting: Easily configure target URL, credentials, and payload.
- π¦ Dependency Management: Ensure smooth installation via
requirements.txt.
Ensure you have the following installed:
- π Python 3.x
- π Required Python modules (install via
requirements.txt)
Clone the repository:
git clone https://github.com/regantemudo/CVE-2024-25641-Exploit-for-Cacti-1.2.26.git
cd CVE-2024-25641-Exploit-for-Cacti-1.2.26Install dependencies:
pip install -r requirements.txtBy default, the script uses ./php/reverse_shell.php as the payload. Modify the IP address and port inside the PHP script accordingly.
python3 cacti_exploit.py <URL> <username> <password> [-p <payload_path>]- π
URL: The target Cacti URL. - π€
username: Login username. - π
password: Login password. - π οΈ
-p/--payload: (Optional) Path to a custom PHP payload (default:./php/reverse_shell.php).
Once the script successfully uploads the PHP payload, execute it via the browser or directly through the script.
CVE-2024-25641-Exploit-for-Cacti-1.2.26/
βββ php/
| βββ reverse_shell.php
βββ README.md
βββ cacti_exploit.py
βββ requirements.txt
This tool is strictly for educational and authorized penetration testing. Unauthorized use is illegal and may lead to severe consequences. The authors hold no responsibility for any misuse or damage caused by this software.