This repository automates the process of exploiting CVE-2024-25641 on Cacti 1.2.26. When a user is authenticated, An arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web server (RCE). Original report: https://github.com/Cacti/cacti/security/advisories/GHSA-7cmj-g5qc-pj88
- Automatic Exploitation: Easily execute the exploit with minimal setup.
- Customizable Target: Quickly configure the URL, username, password, and payload.
- Dependency Management: Ensure all necessary packages are installed with a single command.
Before you begin, ensure you have met the following requirements:
- Python 3.x installed on your system
- Internet connection to download dependencies
- Clone the repository:
git clone https://github.com/5ma1l/CVE-2024-25641.git cd CVE-2024-25641 - Install the required dependencies:
pip install -r requirements.txt
-
Prepare your PHP payload:
By default, the script uses ./php/monkey.php as the payload. Make sure to modify the IP address and port inside the PHP payload file if needed.
-
Run the exploit:
python3 exploit.py <URL> <username> <password> [-p <payload_path>]
- URL: The target Cacti URL.
- username: Login username.
- password: Login password.
- -p/--payload: Path to the PHP payload file (default:
./php/monkey.php).
After the script successfully uploads the payload, you can choose to execute it directly from the script or manually through the browser.
This tool is intended for educational purposes only. Unauthorized use of this tool against systems without explicit permission is illegal and unethical. The author is not responsible for any misuse or damage caused by this tool.