
CVE-2024-23443 PoC: Elastic Kibana security vulnerability

Source
Associated Vulnerability
Title: Elastic Kibana security vulnerability (CVE-2024-23443)
Description: Elastic Kibana is an application from the Dutch company Elastic: a free and open user interface that lets you visualize Elasticsearch data and navigate the Elastic Stack. Elastic Kibana has a security vulnerability. An attacker can exploit it by uploading a maliciously crafted osquery pack to affect the availability of Kibana.
Description
osquery extension exposing HP BIOS settings via WMI. Note that the snapshot contains only this extension and its README; nothing in it talks to Kibana or uploads an osquery pack, so the repository as shown does not by itself exercise the vulnerability described above.
Readme
# Proof of Concept (POC)
CVE-2024-23443

# hp_bios_osquery
Add an osquery extension that exposes HP BIOS settings (read via WMI) to Elastic Agent.

# Dependencies

- pip install pywin32
- pip install osquery
- pip install pyinstaller

# Build

```
pyinstaller --onefile hp_bios_enumeration.py
```

# Install

1. Copy the extension into the Elastic Agent components directory (`XXXXXX` is the agent's versioned data directory; its name differs per install):

   ```
   copy .\hp_bios_enumeration.exe "C:\Program Files\Elastic\Agent\data\elastic-agent-XXXXXX\components\"
   ```

2. Append the extension path to the autoload file of the agent's osquery component. In Windows PowerShell 5.1 `Out-File` writes UTF-16LE by default, which osquery cannot read as a list of paths, so set the encoding explicitly:

   ```
   "C:\Program Files\Elastic\Agent\data\elastic-agent-XXXXXX\components\hp_bios_enumeration.exe" | Out-File "C:\Program Files\Elastic\Agent\data\elastic-agent-XXXXXX\run\osquery-default\osquery\osquery.autoload" -Append -Encoding ascii
   ```

3. Restart agent

4. Confirm the extension is loaded. A standalone `osqueryi` starts its own extension manager and does not read the agent's autoload file on its own, so either pass it the same file with `--extensions_autoload`, or run the query as a live query from Kibana's Osquery Manager. If the table does not appear, check the osquery log: osquery refuses to autoload an extension binary whose file permissions it considers unsafe.

   ```
   osqueryi --extensions_autoload "C:\Program Files\Elastic\Agent\data\elastic-agent-XXXXXX\run\osquery-default\osquery\osquery.autoload"
   osquery> SELECT * FROM hp_bios_enum;
   ```

   | name                                | possible_values                                                 | current_value                       |
   |-------------------------------------|-----------------------------------------------------------------|-------------------------------------|
   | System Management Command           | Disable, Enable                                                 | Enable                              |
   | Fast Boot                           | Disable, Enable                                                 | Enable                              |
   | BIOS Rollback Policy                | Unrestricted Rollback to older BIOS, Restricted Rollback to older BIOS | Unrestricted Rollback to older BIOS |
   | Audio Alerts During Boot            | Disable, Enable                                                 | Enable                              |
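The following is an added example of what such an extension looks like; it is not the repository's `hp_bios_enumeration.py`, whose source is not shown on this page. It implements the `hp_bios_enum` table with the three columns the sample output above shows, using the osquery Python bindings the README lists as a dependency. Assumptions not stated on the page: HP publishes BIOS settings in the WMI namespace `root\HP\InstrumentedBIOS` as instances of `HP_BIOSEnumeration` with `Name`, `PossibleValues` (an array) and `CurrentValue` properties; the extension name `hp_bios_enumeration` is chosen here. The `osquery` and `win32com` imports are optional so that the row-building logic can be exercised with the constructed sample data on a host without either package.

```python
r"""Added example: an osquery extension exposing HP BIOS settings as a table.

Not the repository's own code. Assumptions (not stated on the page):
  * WMI namespace root\HP\InstrumentedBIOS, class HP_BIOSEnumeration, with
    Name, PossibleValues (array) and CurrentValue properties.
  * osquery Python bindings provide TablePlugin, TableColumn, STRING,
    register_plugin and start_extension (osquery-python's documented API).
"""
from types import SimpleNamespace

try:
    import osquery
except ImportError:  # bindings absent, e.g. on a non-osquery build host
    osquery = None

try:
    import win32com.client
except ImportError:  # pywin32 only exists on Windows
    win32com = None

HP_WMI_NAMESPACE = r"winmgmts:\\.\root\HP\InstrumentedBIOS"  # assumption
HP_WMI_CLASS = "HP_BIOSEnumeration"                            # assumption


def _as_text(value):
    """osquery rows are string-valued: flatten None and WMI array values."""
    if value is None:
        return ""
    if isinstance(value, (list, tuple)):
        return ", ".join(str(v) for v in value)
    return str(value)


def rows_from_wmi(instances):
    """Map HP_BIOSEnumeration-like objects to hp_bios_enum rows.

    Array-valued PossibleValues are joined with ", ", which is the shape
    shown in the README's sample output ("Disable, Enable").
    """
    rows = []
    for inst in instances:
        rows.append({
            "name": _as_text(getattr(inst, "Name", None)),
            "possible_values": _as_text(getattr(inst, "PossibleValues", None)),
            "current_value": _as_text(getattr(inst, "CurrentValue", None)),
        })
    return rows


def read_hp_bios_settings():
    """Query the HP WMI provider; returns [] when it cannot be reached."""
    if win32com is None:
        return []
    try:
        ns = win32com.client.GetObject(HP_WMI_NAMESPACE)
        return rows_from_wmi(ns.InstancesOf(HP_WMI_CLASS))
    except Exception:  # non-HP hardware, provider missing, access denied
        return []


# Constructed sample instances mimicking what the WMI provider returns,
# used for offline testing of rows_from_wmi.
SAMPLE_INSTANCES = [
    SimpleNamespace(Name="Fast Boot", PossibleValues=("Disable", "Enable"),
                    CurrentValue="Enable"),
    SimpleNamespace(Name="BIOS Rollback Policy",
                    PossibleValues=("Unrestricted Rollback to older BIOS",
                                    "Restricted Rollback to older BIOS"),
                    CurrentValue="Unrestricted Rollback to older BIOS"),
    SimpleNamespace(Name="Unset Setting", PossibleValues=None, CurrentValue=None),
]


if osquery is not None:

    @osquery.register_plugin
    class HPBiosEnumTable(osquery.TablePlugin):
        """Registers the hp_bios_enum table with the extension manager."""

        def name(self):
            return "hp_bios_enum"

        def columns(self):
            return [
                osquery.TableColumn(name="name", type=osquery.STRING),
                osquery.TableColumn(name="possible_values", type=osquery.STRING),
                osquery.TableColumn(name="current_value", type=osquery.STRING),
            ]

        def generate(self, context):
            return read_hp_bios_settings()


if __name__ == "__main__":
    if osquery is None:
        raise SystemExit("osquery Python bindings are required to run as an extension")
    # osqueryd launches the autoloaded binary and passes the extension socket
    # on the command line; start_extension reads it and blocks serving queries.
    osquery.start_extension(name="hp_bios_enumeration", version="1.0.0")
```

Building this with `pyinstaller --onefile` as in the Build section produces the single `.exe` the Install steps copy into the agent's components directory; osquery on Windows expects autoloaded extensions to carry the `.exe` suffix.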
    
File Snapshot

```
[4.0K] /data/pocs/9c3c62ed1637b2a6a9a3e6ae2341f8f12fe5cf91
├── [1.4K] hp_bios_enumeration.py
└── [1.7K] README.md

0 directories, 2 files
```