Today we have a brand new set of labs related to CVE-2024-24576 (Rust RCE).
On April 9, 2024, a vulnerability in the Rust programming language was reported. The standard library before version 1.77.2 did not properly escape arguments when invoking batch files (those with the bat or cmd extension). Exploitation of this vulnerability allows attackers to gain remote code execution (RCE) on affected Windows systems, with low complexity and no user interaction required.
In this lab, you will go through how to find this 10.0-rated critical vulnerability in Rust and execute commands against a web server which calls a .bat file.
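For developers, the escaping issue described above can be guarded against in application code as well as by upgrading. The following is an added example, not code from the lab or from the Rust project's fix: it refuses to pass untrusted arguments to a bat or cmd target unless they match a strict allowlist. The function names, the allowlist and the sample inputs are assumptions of this example.

```rust
use std::path::Path;

/// True when the program name ends in .bat or .cmd (case-insensitive),
/// the two extensions named in the advisory.
fn is_batch_target(program: &str) -> bool {
    Path::new(program)
        .extension()
        .and_then(|e| e.to_str())
        .map(|e| e.eq_ignore_ascii_case("bat") || e.eq_ignore_ascii_case("cmd"))
        .unwrap_or(false)
}

/// Allowlist chosen for this example (an assumption, not the upstream fix):
/// 1 to 64 ASCII letters, digits, '-', '_' or '.'. Anything else is rejected
/// rather than escaped, so quoting rules never come into play.
fn is_safe_batch_arg(arg: &str) -> bool {
    !arg.is_empty()
        && arg.len() <= 64
        && arg
            .bytes()
            .all(|b| b.is_ascii_alphanumeric() || matches!(b, b'-' | b'_' | b'.'))
}

/// Call before std::process::Command::new(program).args(args).
/// Non-batch targets are outside the scope of this guard and pass through.
fn check_spawn(program: &str, args: &[&str]) -> Result<(), String> {
    if !is_batch_target(program) {
        return Ok(());
    }
    match args.iter().find(|a| !is_safe_batch_arg(a)) {
        Some(bad) => Err(format!("rejected argument for batch file: {:?}", bad)),
        None => Ok(()),
    }
}

fn main() {
    // Constructed sample inputs, as a web handler might receive them.
    let cases: [(&str, &[&str]); 3] = [
        ("report.bat", &["2024-04", "summary.txt"]),
        ("report.BAT", &["name&other"]),
        ("report.cmd", &["%PATH%"]),
    ];
    for (program, args) in cases {
        println!("{} {:?} -> {:?}", program, args, check_spawn(program, args));
    }
}
```

A guard like this is defense in depth; building with Rust 1.77.2 or later is what removes the vulnerable behaviour.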
Who's it for?
- Penetration Testers
- Developers
What are the key takeaways?
- Outline the components that allow the vulnerability to be exploited
- Discuss the potential impact of exploiting this vulnerability
Cyber Pro licensed users can access the new collection here.
Published 2 years ago
Version 1.0
BenMcCarthy
Lead Cyber Security Engineer. I lead the team that releases the content for the CTI part of the platform! Latest CVEs, malware threats and emerging threats all within 24 hours.