Exploit for bypassing authentication in ConnectWise ScreenConnect.
Caution
Disclaimer: IMPORTANT: This script is provided for educational, ethical testing, and lawful use ONLY. Do not use it on any system or network without explicit permission. Unauthorized access to computer systems and networks is illegal, and users caught performing unauthorized activities are subject to legal actions. The author is NOT responsible for any damage caused by the misuse of this script..
python3 bypass.py --url http://IP --username USER --password PASS
- FOFA: "ScreenConnect" && country="RU"
- HHOW: web.body="ScreenConnect" and ip.country=="Russia"
- Shodan: ScreenConnect country:"RU"
- Python 3
requests
re
argparse
colorama
This script automates the process of bypassing authentication in ConnectWise ScreenConnect by exploiting a vulnerability. It allows the addition of a new user without proper authentication.
The script takes three command-line arguments:
--url
: Target URL in the format http://IP.--username
: Username to add.--password
: Password to add (must be at least 8 characters in length).
After executing the script, it sends requests to the target URL to exploit the vulnerability and adds the specified username and password as a new user.