# CVE-2024-24576-PoC-BatBadBut

PoC for CVE-2024-24576 vulnerability "BatBadBut"

## Information

After running the script will ask you for an argument, the argument will be passed the the bat file, if you close the argument with " and after that & you can run any Windows command.
For example:
helloworld" & whoami

As a result, you will get the whoami command.

Of course in real time it would not look like that, this is just PoC for the CVE.

## Usage

Clone the repository:
``` cmd
git clone

Running the script:
To make it work type something close with " and then "&" and any command like calc.exe, hostname, whoami...
HelloWorld" & hostname
The Flow of the CVE and the possible way to make it work

## Credits

* [NIST](

* [](

* [Mental Outlow](

## License