Pulse Secure Pulse Connect Secure Arbitrary File Read Vulnerability
CVE-2019-11510 is a critical arbitrary file read vulnerability in Pulse Secure Pulse Connect Secure (PCS), also referred to in associated advisories as Pulse Connect Secure VPN. An unauthenticated remote attacker with network access over HTTPS can send a specially crafted URI to the appliance and read arbitrary files from the underlying system. The issue affects PCS 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4. Related reporting lists affected Pulse Connect Secure ranges including 9.0R1-9.0R3.3, 8.3R1-8.3R7, and 8.2R1-8.2R12, along with additional vulnerable Pulse Policy Secure ranges. The vulnerability has been widely exploited in the wild by both nation-state and criminal actors as an initial access vector against internet-facing VPN infrastructure.
Impact, mitigation & remediation
What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.
Impact
What an attacker gets, and what they’ve been doing with it.
Mitigation
If you can’t patch tonight, do this now.
Remediation
Patch, then assume compromise.
Exploits
4 valid exploits after Mallory filtered fakes, detection scripts, and README-only repos (1 hidden).
This repository contains a Bash script ('pwn-pulse.sh') that exploits the Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510). The script is designed to automate the exploitation process by taking a target domain or IP address and attempting to download sensitive files from the VPN appliance using crafted directory traversal URLs. It then parses the downloaded files to extract private keys, usernames, admin details (including session cookies), and observed logins (including passwords). The script can also test session cookies to identify active sessions, which could be hijacked. All extracted information is compiled into a report file for each target. The repository includes a README with usage instructions and a LICENSE file. The main exploit logic resides in 'pwn-pulse.sh', which is the only code file. The attack vector is network-based, targeting accessible Pulse Connect Secure VPN appliances over HTTPS. The script is operational and provides real credential and session extraction capabilities, making it a practical tool for post-exploitation or red team activities.
This repository contains a Bash exploit script (CVE-2019-11510.sh) targeting Pulse Secure SSL VPN appliances vulnerable to CVE-2019-11510, a critical arbitrary file read vulnerability. The script allows an attacker to supply a single target or a list of targets (via a file) and attempts to exploit the directory traversal flaw to download sensitive files from the VPN appliance. It first checks for vulnerability by reading /etc/passwd, then proceeds to download /etc/hosts and internal database files (/data/runtime/mtmp/lmdb/dataa/data.mdb and /data/runtime/mtmp/lmdb/randomVal/data.mdb). The script extracts plaintext usernames, passwords, and session IDs from these files, saving the results in organized output directories per target. The repository also includes a README.md with usage instructions and references. The exploit is operational, automating the process of identifying vulnerable systems and extracting credentials and session information for further compromise.
This repository contains a single Python exploit script (pulsexploit.py) targeting Pulse Secure SSL VPN appliances vulnerable to CVE-2019-11510. The exploit automates the process of identifying vulnerable hosts by querying the Shodan API for devices exposing the '/dana/' path on port 443. For each discovered host, it attempts to exploit a path traversal vulnerability to read sensitive files from the system, including /etc/passwd, /etc/hosts, /etc/group, /etc/resolv.conf, and a session database file. The results are saved in an output directory for later analysis. The script is operational and requires a valid Shodan API key and internet access. The repository also includes a README with usage instructions, a requirements.txt for dependencies (shodan), and standard project files. The exploit is not part of a larger framework and is self-contained.
This repository contains a Python proof-of-concept exploit for CVE-2019-11510, a critical arbitrary file read vulnerability in Pulse Secure SSL VPN appliances. The main file, CVE-2019-11510.py, takes a target URL as input and attempts to exploit a directory traversal flaw to read sensitive files such as /etc/passwd and /etc/hosts from the remote system. If successful, the contents of these files are saved locally. The exploit works by crafting specific HTTP GET requests to vulnerable endpoints on the VPN device. The repository also includes a README.md with usage instructions and references. No payload for code execution is included; the exploit is limited to file read capabilities, making it a proof-of-concept for information disclosure. The attack vector is network-based, requiring access to the target's HTTPS interface.
Recent activity
50 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
A known vulnerability in Pulse Secure Connect VPN that was used to gain initial access, steal credentials, and pivot into victim internal systems.
A known Pulse Secure VPN vulnerability explicitly referenced in forum activity as an entry point for compromising corporate networks.
An older Pulse Secure vulnerability cited as still being actively targeted in 2025 because it provides immediate remote access.