
dotPY-hax / Gitlab_rce

RCE for old GitLab versions <= 11.4.7 & 12.4.0-12.8.1 and LFI for old GitLab versions 10.4 - 12.8.1


Gitlab RCE - Remote Code Execution

RCE for old GitLab versions <= 11.4.7 & 12.4.0-12.8.1

LFI for old GitLab versions 10.4 - 12.8.1

This is an exploit for old GitLab versions. This shouldn't work in the wild but it still seems to be popular in CTFs. Educational use only. Illegal things are illegal.

CVEs: CVE-2018-19571 (SSRF) + CVE-2018-19585 (CRLF) & CVE-2020-10977

credits:

https://www.youtube.com/watch?v=LrLJuyAdoAg - LiveOverflow
https://github.com/jas502n/gitlab-SSRF-redis-RCE - jas502n
https://hackerone.com/reports/827052 - vakzz
partly inspired by the gitlab RCE metasploit module

usage:

python gitlab_rce.py <http://gitlab:port> <local-ip>

You might or might not have to tweak this a bit.

THERE ARE VERY FEW CHECKS AND VERY LITTLE ERROR HANDLING!

needs a HUGE refactor some time in the future.
