Giters

SheL3G / CVE-2024-24576-PoC-BatBadBut

PoC for CVE-2024-24576 vulnerability "BatBadBut"

Repository from Github https://github.comSheL3G/CVE-2024-24576-PoC-BatBadButRepository from Github https://github.comSheL3G/CVE-2024-24576-PoC-BatBadBut

CVE-2024-24576-PoC-BatBadBut

PoC for CVE-2024-24576 vulnerability "BatBadBut"

Information

After running the script will ask you for an argument, the argument will be passed the the bat file, if you close the argument with " and after that & you can run any Windows command. For example:

helloworld" & whoami

As a result, you will get the whoami command.

Of course in real time it would not look like that, this is just PoC for the CVE.

Usage

Clone the repository:

git clone https://github.com/SheL3G/CVE-2024-24576-PoC-BatBadBut.git

Running the script:

Python CVE-2024-24576.py

To make it work type something close with " and then "&" and any command like calc.exe, hostname, whoami...

HelloWorld" & hostname

The Flow of the CVE and the possible way to make it work Flow

Credits

License

MIT

About

PoC for CVE-2024-24576 vulnerability "BatBadBut"

License:MIT License

Languages

Language:Python 96.8%Language:Batchfile 3.2%