Private x64 RCE exploit for CVE-2024-6387 [02.07.2024] from exploit.in

PrincipalAnthony/CVE-2024-6387-Updated-x64bit

CVE-2024-6387-Updated-x64bit

Private x64 RCE exploit (Python) for CVE-2024-6387 [02.07.2024] from exploit.in

The repository provides a working variant of the CVE-2024-6387 vulnerability exploit with support for real-time active shell, multithreading, entering targets from a file, and color output.

🔥 CVSS: 10/10

Description

This is an exploit for CVE-2024-6387, a signal handler race condition in OpenSSH's server (sshd) on glibc-based Linux systems. The vulnerability allows remote code execution as root because async-signal-unsafe functions are called in the SIGALRM handler.

Exploit details

The exploit targets the SIGALRM handler race condition in OpenSSH's sshd, which calls async-signal-unsafe functions. This can be leveraged to achieve remote code execution as root.
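The bug class named in the Description and Exploit details sections, seen from the defender's side, as an added example that is not code from this repository or from OpenSSH: a SIGALRM handler that calls an async-signal-unsafe function (`syslog()`) next to one that only sets a flag and defers the work to normal context. The names `wait_login_grace` and `grace_expired`, the timer values and the log message are hypothetical.

```c
#define _XOPEN_SOURCE 700
#include <signal.h>
#include <string.h>
#include <sys/time.h>
#include <syslog.h>

static volatile sig_atomic_t grace_expired; /* only state the handler touches */
/* UNSAFE (contrast only, never installed): syslog() is not async-signal-safe. */
void unsafe_grace_handler(int sig)
{
    (void)sig;
    syslog(LOG_INFO, "grace time exceeded (constructed message)");
}

/* SAFE: record the event and return; the real work happens outside. */
static void safe_grace_handler(int sig)
{
    (void)sig;
    grace_expired = 1;
}

/* Hypothetical helper: returns 1 once grace_usec has elapsed, -1 on error. */
int wait_login_grace(long grace_usec)
{
    struct sigaction sa;
    struct itimerval it;
    sigset_t block, old, waitmask;
    if (grace_usec <= 0) return -1;      /* a zero timer would never fire */
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = safe_grace_handler;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGALRM, &sa, NULL) == -1) return -1;
    /* Keep SIGALRM blocked except inside sigsuspend(): no lost wakeup. */
    sigemptyset(&block);
    sigaddset(&block, SIGALRM);
    if (sigprocmask(SIG_BLOCK, &block, &old) == -1) return -1;
    waitmask = old;
    sigdelset(&waitmask, SIGALRM);
    grace_expired = 0;
    memset(&it, 0, sizeof it);
    it.it_value.tv_sec = grace_usec / 1000000;
    it.it_value.tv_usec = grace_usec % 1000000;
    if (setitimer(ITIMER_REAL, &it, NULL) == 0)
        while (!grace_expired) sigsuspend(&waitmask);
    sigprocmask(SIG_SETMASK, &old, NULL);
    if (!grace_expired) return -1;
    syslog(LOG_INFO, "grace time exceeded (constructed message)"); /* normal context */
    return 1;
}
```

The handler's only side effect is a store to a `volatile sig_atomic_t`, so it is safe whatever code the signal interrupts; the logging runs after `sigsuspend()` returns, outside signal context.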

Zoomeye dork

app:"OpenSSH"

Vulnerable versions:

OpenSSH 8.5p1 to 9.8p1

Running

To run the exploit you need Python 3.9. Execute:

python exploit.py -h 10.10.10.10 -c 'id'

Download

Download here (securely!)

Date published: 01.07.2024

Contact

principalanthony@exploit.in
