CVE-2024-41570

CRITICAL

Havoc 0.7 - Unauthenticated Server-Side Request Forgery via Demon Callback

Exploitation Summary

EIP tracks 7 public exploits for CVE-2024-41570. PoCs published by chebuya, HimmeL-Byte, diemoeve.

Description

An Unauthenticated Server-Side Request Forgery (SSRF) in demon callback handling in Havoc 2 0.7 allows attackers to send arbitrary network traffic originating from the team server.

Exploits (7)

nomisec WORKING POC 74 stars
by chebuya · poc
https://github.com/chebuya/Havoc-C2-SSRF-poc

This repository contains a functional exploit for CVE-2024-41570, an unauthenticated SSRF vulnerability in Havoc C2 v0.7. The exploit spoofs a demon agent registration to open a TCP socket on the teamserver, allowing attackers to leak origin IPs and interact with internal services.

Classification: Working PoC 95%
Attack Type: SSRF
Complexity: Moderate
Reliability: Reliable
Target: Havoc C2 v0.7
No auth needed
Prerequisites: Network access to the Havoc C2 teamserver listener
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC 16 stars
by HimmeL-Byte · poc
https://github.com/HimmeL-Byte/CVE-2024-41570-SSRF-RCE

This repository contains a functional exploit for CVE-2024-41570, demonstrating an SSRF-to-RCE vulnerability. The exploit leverages AES-encrypted communication with a teamserver to register a spoofed agent, open a socket, and execute commands via WebSocket requests.

Classification: Working PoC 95%
Attack Type: SSRF | RCE
Complexity: Moderate
Reliability: Reliable
Target: Unknown (likely a teamserver or C2 framework)
No auth needed
Prerequisites: Network access to the target teamserver · Python environment with required libraries (requests, Crypto)
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC 11 stars
by diemoeve · poc
https://github.com/diemoeve/CVE-2024-41570

This repository contains a functional Python-based exploit for CVE-2024-41570, targeting a WebSocket-based service in Havoc C2. The exploit automates agent registration, WebSocket payload delivery, and remote command execution to establish a reverse shell.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Havoc C2
Auth required
Prerequisites: Python 3.x · requests library · pycryptodome library · target URL · teamserver IP and port · username and password for authentication · listener IP and port for reverse shell
devstral-2 · analyzed Feb 19, 2026

nomisec WORKING POC 8 stars
by sebr-dev · poc
https://github.com/sebr-dev/Havoc-C2-SSRF-to-RCE

This exploit demonstrates an unauthenticated SSRF and authenticated RCE in Havoc C2 v0.7 by spoofing agent registration and leveraging socket manipulation to achieve remote code execution. The PoC includes encryption/decryption logic and socket operations to interact with the teamserver.

Classification: Working PoC 95%
Attack Type: SSRF | RCE
Complexity: Moderate
Reliability: Reliable
Target: Havoc C2 v0.7
Auth required
Prerequisites: Teamserver URL · Valid credentials for authentication · Target IP and port for socket manipulation
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC 3 stars
by leo-mitch · poc
https://github.com/leo-mitch/CVE-2024-41570-Havoc-C2-RCE

This repository contains a functional exploit for CVE-2024-41570, which chains SSRF and command injection vulnerabilities in the Havoc C2 framework. The exploit registers a spoofed agent, opens a socket, and delivers a payload to achieve remote code execution on the teamserver.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Havoc C2 framework (versions 0.3 to 0.6)
Auth required
Prerequisites: Default or known credentials for Havoc C2 · Network access to the teamserver
devstral-2 · analyzed May 19, 2026

nomisec WORKING POC 3 stars
by thisisveryfunny · poc
https://github.com/thisisveryfunny/CVE-2024-41570-Havoc-C2-RCE

This repository contains a functional exploit for CVE-2024-41570, targeting the Havoc C2 framework. It chains SSRF and command injection vulnerabilities to achieve remote code execution on the teamserver.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Havoc C2 framework versions 0.3 to 0.6
Auth required
Prerequisites: Network access to the Havoc teamserver · Default or known credentials for authentication · Python environment with required dependencies
devstral-2 · analyzed Feb 18, 2026

inthewild WORKING POC
poc
https://github.com/kit4py/cve-2024-41570

This repository contains a functional Python-based exploit for CVE-2024-41570, targeting a WebSocket-based service to achieve SSRF with RCE via a reverse shell. The exploit automates agent registration, WebSocket payload delivery, and command execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Havoc C2
Auth required
Prerequisites: Python 3.x · requests library · pycryptodome library · target URL · authentication credentials · listener IP and port
devstral-2 · analyzed Feb 23, 2026

Scores

CVSS v3: 9.8
EPSS: 0.7407
EPSS Percentile: 98.9%
Attack Vector: NETWORK
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: total

Details

CWE: CWE-918
Status: published
Products (1): havocframework/havoc
Published: Aug 12, 2024
Tracked Since: Feb 18, 2026