<!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><!-- Document head for the "Git Mixin" page of the Metasploit documentation site (generator meta below reports Jekyll v4.3.4): favicon, theme stylesheet, analytics, search/diagram/theme scripts, then SEO and social metadata. --><meta http-equiv="X-UA-Compatible" content="IE=Edge"><link rel="shortcut icon" href="/assets/images/favicon.png" type="image/x-icon"><link rel="stylesheet" href="/assets/css/just-the-docs-default.css"> <!-- Google Analytics loader (gtag.js) is fetched from a third-party origin and carries no integrity attribute; the URL is not version-pinned, so Subresource Integrity is presumably not practical here. The inline bootstrap that follows enables anonymize_ip, and being inline it would need a nonce or hash if a strict Content-Security-Policy were applied to this site. --><script async src="https://www.googletagmanager.com/gtag/js?id=UA-4622520-7"></script> <script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'UA-4622520-7', { 'anonymize_ip': true }); </script> <script type="text/javascript" src="/assets/js/vendor/lunr.min.js"></script> <!-- NOTE(review): mermaid is pinned to version 10.8.0 but is loaded from cdn.jsdelivr.net without integrity or crossorigin attributes, so the browser does not verify the file it executes on this page. Because the version is pinned, Subresource Integrity fits well: add integrity="sha384-HASH_OF_PINNED_FILE" (placeholder, compute from the exact file) together with crossorigin="anonymous", or self-host the file under /assets/js/vendor/ as is done for lunr above. --><script src="https://cdn.jsdelivr.net/npm/mermaid@10.8.0/dist/mermaid.min.js"></script> <script type="text/javascript" src="/assets/js/just-the-docs.js"></script><meta name="viewport" content="width=device-width, initial-scale=1"><title>Git Mixin | Metasploit Documentation Penetration Testing Software, Pen Testing Security</title><meta name="generator" content="Jekyll v4.3.4" /><meta property="og:title" content="Git Mixin" /><meta property="og:locale" content="en_US" /><meta name="description" content="View Metasploit Framework Documentation" /><meta property="og:description" content="View Metasploit Framework Documentation" /><link rel="canonical" href="https://rapid7.github.io/metasploit-framework/docs/development/developing-modules/libraries/how-to-use-the-git-mixin-to-write-an-exploit-module.html" /><meta property="og:url" content="https://rapid7.github.io/metasploit-framework/docs/development/developing-modules/libraries/how-to-use-the-git-mixin-to-write-an-exploit-module.html" /><meta property="og:site_name" content="Metasploit Documentation Penetration Testing Software, Pen Testing Security" /><meta property="og:type" content="website" /><meta name="twitter:card" content="summary" /><meta property="twitter:title" content="Git Mixin" /> <script type="application/ld+json"> {"@context":"https://schema.org","@type":"WebPage","description":"View Metasploit 
Framework Documentation","headline":"Git Mixin","publisher":{"@type":"Organization","logo":{"@type":"ImageObject","url":"https://rapid7.github.io/metasploit-framework/assets/images/favicon.png"}},"url":"https://rapid7.github.io/metasploit-framework/docs/development/developing-modules/libraries/how-to-use-the-git-mixin-to-write-an-exploit-module.html"}</script><body> <!-- Hidden SVG sprite (display: none): defines the icon symbols svg-link, svg-search, svg-menu, svg-arrow-right and svg-doc, which the page references by id through use elements. --><svg xmlns="http://www.w3.org/2000/svg" style="display: none;"> <symbol id="svg-link" viewBox="0 0 24 24"><title>Link</title><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-link"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71"></path><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71"></path> </svg> </symbol> <symbol id="svg-search" viewBox="0 0 24 24"><title>Search</title><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-search"> <circle cx="11" cy="11" r="8"></circle><line x1="21" y1="21" x2="16.65" y2="16.65"></line> </svg> </symbol> <symbol id="svg-menu" viewBox="0 0 24 24"><title>Menu</title><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"></line><line x1="3" y1="6" x2="21" y2="6"></line><line x1="3" y1="18" x2="21" y2="18"></line> </svg> </symbol> <symbol id="svg-arrow-right" viewBox="0 0 24 24"><title>Expand</title><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-chevron-right"><polyline points="9 18 15 12 
9 6"></polyline> </svg> </symbol> <symbol id="svg-doc" viewBox="0 0 24 24"><title>Document</title><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-file"><path d="M13 2H6a2 2 0 0 0-2 2v16a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2V9z"></path><polyline points="13 2 13 9 20 9"></polyline> </svg> </symbol> </svg> <script type="text/javascript" src="/assets/js/toggle_init.js"></script><div class="side-bar"><div class="site-header"> <a href="/" class="site-title lh-tight"><img src="/assets/images/metasploit-logo-dark-external-use.svg" alt="Metasploit Logo" class="title-logo" /> </a> <a href="#" id="menu-button" class="site-button"> <svg viewBox="0 0 24 24" class="icon"><use xlink:href="#svg-menu"></use></svg> </a></div><nav role="navigation" aria-label="Main" id="site-nav" class="site-nav"><ul class="nav-list"><li class="nav-list-item active"><a href="/" class="nav-list-link">Home</a><li class="nav-list-item active"><a href="/docs/code-of-conduct.html" class="nav-list-link">Code Of Conduct</a><li class="nav-list-item active"><a href="/docs/modules.html" class="nav-list-link">Modules</a><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/pentesting/" class="nav-list-link">Pentesting</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/pentesting/metasploit-guide-setting-module-options.html" class="nav-list-link">Setting Module Options</a><li class="nav-list-item active"><a href="/docs/pentesting/metasploit-guide-upgrading-shells-to-meterpreter.html" class="nav-list-link">Upgrading Shells to Meterpreter</a><li class="nav-list-item active"><a href="/docs/pentesting/metasploit-guide-post-gather-modules.html" class="nav-list-link">Post Gather Modules</a><li class="nav-list-item active"><a 
href="/docs/pentesting/metasploit-guide-http.html" class="nav-list-link">HTTP + HTTPS</a><li class="nav-list-item active"><a href="/docs/pentesting/metasploit-guide-kubernetes.html" class="nav-list-link">Kubernetes</a><li class="nav-list-item active"><a href="/docs/pentesting/metasploit-guide-mysql.html" class="nav-list-link">MySQL</a><li class="nav-list-item active"><a href="/docs/pentesting/metasploit-guide-postgresql.html" class="nav-list-link">PostgreSQL</a><li class="nav-list-item active"><a href="/docs/pentesting/metasploit-guide-smb.html" class="nav-list-link">SMB</a><li class="nav-list-item active"><a href="/docs/pentesting/metasploit-guide-ssh.html" class="nav-list-link">SSH</a><li class="nav-list-item active"><a href="/docs/pentesting/metasploit-guide-winrm.html" class="nav-list-link">WinRM</a><li class="nav-list-item active"><a href="/docs/pentesting/metasploit-guide-mssql.html" class="nav-list-link">MSSQL</a><li class="nav-list-item active"><a href="/docs/pentesting/metasploit-guide-ldap.html" class="nav-list-link">LDAP</a><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/pentesting/active-directory/" class="nav-list-link">Active Directory</a><ul class="nav-list"><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/pentesting/active-directory/ad-certificates/" class="nav-list-link">AD CS</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/pentesting/active-directory/ad-certificates/overview.html" class="nav-list-link">Overview</a><li class="nav-list-item active"><a href="/docs/pentesting/active-directory/ad-certificates/attacking-ad-cs-esc-vulnerabilities.html" class="nav-list-link">Attacking AD CS ESC Vulnerabilities Using Metasploit</a><li class="nav-list-item active"><a 
href="/docs/pentesting/active-directory/ad-certificates/ldap_esc_vulnerable_cert_finder.html" class="nav-list-link">Vulnerable cert finder</a><li class="nav-list-item active"><a href="/docs/pentesting/active-directory/ad-certificates/ad_cs_cert_template.html" class="nav-list-link">Manage certificate templates</a><li class="nav-list-item active"><a href="/docs/pentesting/active-directory/ad-certificates/icpr_cert.html" class="nav-list-link">Request certificates</a></ul><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/pentesting/active-directory/kerberos/" class="nav-list-link">Kerberos</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/pentesting/active-directory/kerberos/overview.html" class="nav-list-link">Overview</a><li class="nav-list-item active"><a href="/docs/pentesting/active-directory/kerberos/service_authentication.html" class="nav-list-link">Authenticating to SMB/WinRM/etc</a><li class="nav-list-item active"><a href="/docs/pentesting/active-directory/kerberos/kerberos_login.html" class="nav-list-link">Kerberos login enumeration and bruteforcing</a><li class="nav-list-item active"><a href="/docs/pentesting/active-directory/kerberos/get_ticket.html" class="nav-list-link">Get Ticket granting tickets and service tickets</a><li class="nav-list-item active"><a href="/docs/pentesting/active-directory/kerberos/ticket_converter.html" class="nav-list-link">Converting kirbi and ccache files</a><li class="nav-list-item active"><a href="/docs/pentesting/active-directory/kerberos/forge_ticket.html" class="nav-list-link">Forging tickets</a><li class="nav-list-item active"><a href="/docs/pentesting/active-directory/kerberos/inspect_ticket.html" class="nav-list-link">Inspecting tickets</a><li class="nav-list-item active"><a href="/docs/pentesting/active-directory/kerberos/kerberoasting.html" class="nav-list-link">Kerberoasting</a><li 
class="nav-list-item active"><a href="/docs/pentesting/active-directory/kerberos/keytab.html" class="nav-list-link">Keytab support and decrypting wireshark traffic</a><li class="nav-list-item active"><a href="/docs/pentesting/active-directory/kerberos/rbcd.html" class="nav-list-link">Resource-based constrained delegation (RBCD)</a><li class="nav-list-item active"><a href="/docs/pentesting/active-directory/kerberos/unconstrained_delegation.html" class="nav-list-link">Unconstrained delegation</a></ul></ul></ul><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/using-metasploit/" class="nav-list-link">Using Metasploit</a><ul class="nav-list"><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/using-metasploit/getting-started/" class="nav-list-link">Getting Started</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/using-metasploit/getting-started/nightly-installers.html" class="nav-list-link">Nightly Installers</a><li class="nav-list-item active"><a href="/docs/using-metasploit/getting-started/reporting-a-bug.html" class="nav-list-link">Reporting a Bug</a></ul><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/using-metasploit/basics/" class="nav-list-link">Basics</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/using-metasploit/basics/using-metasploit.html" class="nav-list-link">Running modules</a><li class="nav-list-item active"><a href="/docs/using-metasploit/basics/how-to-use-a-metasploit-module-appropriately.html" class="nav-list-link">How to use a Metasploit module appropriately</a><li class="nav-list-item active"><a href="/docs/using-metasploit/basics/how-payloads-work.html" 
class="nav-list-link">How payloads work</a><li class="nav-list-item active"><a href="/docs/using-metasploit/basics/module-documentation.html" class="nav-list-link">Module Documentation</a><li class="nav-list-item active"><a href="/docs/using-metasploit/basics/how-to-use-a-reverse-shell-in-metasploit.html" class="nav-list-link">How to use a reverse shell in Metasploit</a><li class="nav-list-item active"><a href="/docs/using-metasploit/basics/how-to-use-msfvenom.html" class="nav-list-link">How to use msfvenom</a><li class="nav-list-item active"><a href="/docs/using-metasploit/basics/managing-sessions.html" class="nav-list-link">Managing Sessions</a></ul><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/using-metasploit/intermediate/" class="nav-list-link">Intermediate</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/using-metasploit/intermediate/metasploit-database-support.html" class="nav-list-link">Database Support</a><li class="nav-list-item active"><a href="/docs/using-metasploit/intermediate/evading-anti-virus.html" class="nav-list-link">Evading Anti Virus</a><li class="nav-list-item active"><a href="/docs/using-metasploit/intermediate/exploit-ranking.html" class="nav-list-link">Exploit Ranking</a><li class="nav-list-item active"><a href="/docs/using-metasploit/intermediate/hashes-and-password-cracking.html" class="nav-list-link">Hashes and Password Cracking</a><li class="nav-list-item active"><a href="/docs/using-metasploit/intermediate/how-to-use-plugins.html" class="nav-list-link">Metasploit Plugins</a><li class="nav-list-item active"><a href="/docs/using-metasploit/intermediate/payload-uuid.html" class="nav-list-link">Payload UUID</a><li class="nav-list-item active"><a href="/docs/using-metasploit/intermediate/pivoting-in-metasploit.html" class="nav-list-link">Pivoting in Metasploit</a><li class="nav-list-item active"><a 
href="/docs/using-metasploit/intermediate/running-private-modules.html" class="nav-list-link">Running Private Modules</a></ul><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/using-metasploit/advanced/" class="nav-list-link">Advanced</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/how-to-configure-dns.html" class="nav-list-link">How to Configure DNS</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/metasploit-web-service.html" class="nav-list-link">Metasploit Web Service</a><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/using-metasploit/advanced/meterpreter/" class="nav-list-link">Meterpreter</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/meterpreter/meterpreter.html" class="nav-list-link">Overview</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/meterpreter/meterpreter-configuration.html" class="nav-list-link">Configuration</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/meterpreter/debugging-dead-meterpreter-sessions.html" class="nav-list-link">Debugging Dead Meterpreter Sessions</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html" class="nav-list-link">Debugging Meterpreter Sessions</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/meterpreter/meterpreter-executebof-command.html" class="nav-list-link">ExecuteBof Command</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/meterpreter/meterpreter-http-communication.html" class="nav-list-link">HTTP Communication</a><li class="nav-list-item active"><a 
href="/docs/using-metasploit/advanced/meterpreter/how-to-get-started-with-writing-a-meterpreter-script.html" class="nav-list-link">How to get started with writing a Meterpreter script</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/meterpreter/meterpreter-paranoid-mode.html" class="nav-list-link">Paranoid Mode</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/meterpreter/powershell-extension.html" class="nav-list-link">Powershell Extension</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/meterpreter/python-extension.html" class="nav-list-link">Python Extension</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/meterpreter/meterpreter-reg-command.html" class="nav-list-link">Reg Command</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/meterpreter/meterpreter-reliable-network-communication.html" class="nav-list-link">Reliable Network Communication</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/meterpreter/meterpreter-sleep-control.html" class="nav-list-link">Sleep Control</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/meterpreter/meterpreter-stageless-mode.html" class="nav-list-link">Stageless Mode</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/meterpreter/the-ins-and-outs-of-http-and-https-communications-in-meterpreter-and-metasploit-stagers.html" class="nav-list-link">The ins and outs of HTTP and HTTPS communications in Meterpreter and Metasploit Stagers</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/meterpreter/meterpreter-timeout-control.html" class="nav-list-link">Timeout Control</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/meterpreter/meterpreter-transport-control.html" class="nav-list-link">Transport Control</a><li class="nav-list-item active"><a 
href="/docs/using-metasploit/advanced/meterpreter/meterpreter-unicode-support.html" class="nav-list-link">Unicode Support</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/meterpreter/meterpreter-wishlist.html" class="nav-list-link">Wishlist</a></ul><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/using-metasploit/advanced/RPC/" class="nav-list-link">RPC</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/RPC/how-to-use-metasploit-json-rpc.html" class="nav-list-link">How to use Metasploit JSON RPC</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/RPC/how-to-use-metasploit-messagepack-rpc.html" class="nav-list-link">How to use Metasploit Messagepack RPC</a></ul></ul><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/using-metasploit/other/" class="nav-list-link">Other</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/using-metasploit/other/how-to-use-metasploit-mcp-server.html" class="nav-list-link">How to use Metasploit MCP Server</a><li class="nav-list-item active"><a href="/docs/using-metasploit/other/how-to-use-metasploit-with-ngrok.html" class="nav-list-link">How to use Metasploit with ngrok</a><li class="nav-list-item active"><a href="/docs/using-metasploit/other/how-to-use-the-favorite-command.html" class="nav-list-link">How to use the Favorite command</a><li class="nav-list-item active"><a href="/docs/using-metasploit/other/information-about-unmet-browser-exploit-requirements.html" class="nav-list-link">Information About Unmet Browser Exploit Requirements</a><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a 
href="/docs/using-metasploit/other/oracle-support/" class="nav-list-link">Oracle Support</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/using-metasploit/other/oracle-support/how-to-get-oracle-support-working-with-kali-linux.html" class="nav-list-link">How to get Oracle Support working with Kali Linux</a><li class="nav-list-item active"><a href="/docs/using-metasploit/other/oracle-support/oracle-usage.html" class="nav-list-link">Oracle Usage</a></ul><li class="nav-list-item active"><a href="/docs/using-metasploit/other/why-cve-is-not-available.html" class="nav-list-link">Why CVE is not available</a></ul></ul><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/development/" class="nav-list-link active">Development</a><ul class="nav-list"><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/development/get-started/" class="nav-list-link">Get Started</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/development/get-started/contributing-to-metasploit.html" class="nav-list-link">Contributing to Metasploit</a><li class="nav-list-item active"><a href="/docs/development/get-started/creating-your-first-pr.html" class="nav-list-link">Creating Your First PR</a><li class="nav-list-item active"><a href="/docs/development/get-started/setting-up-a-metasploit-development-environment.html" class="nav-list-link">Setting Up a Metasploit Development Environment</a><li class="nav-list-item active"><a href="/docs/development/get-started/sanitizing-pcaps.html" class="nav-list-link">Sanitizing PCAPs</a><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/development/get-started/git/" class="nav-list-link">Git</a><ul 
class="nav-list"><li class="nav-list-item active"><a href="/docs/development/get-started/git/git-reference-sites.html" class="nav-list-link">Git Reference Sites</a><li class="nav-list-item active"><a href="/docs/development/get-started/git/git-cheatsheet.html" class="nav-list-link">Git cheatsheet</a><li class="nav-list-item active"><a href="/docs/development/get-started/git/keeping-in-sync-with-rapid7-master.html" class="nav-list-link">Keeping in sync with rapid7 master</a><li class="nav-list-item active"><a href="/docs/development/get-started/git/remote-branch-pruning.html" class="nav-list-link">Remote Branch Pruning</a><li class="nav-list-item active"><a href="/docs/development/get-started/git/using-git.html" class="nav-list-link">Using Git</a></ul><li class="nav-list-item active"><a href="/docs/development/get-started/navigating-and-understanding-metasploits-codebase.html" class="nav-list-link">Navigating the codebase</a></ul><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/development/developing-modules/" class="nav-list-link active">Developing Modules</a><ul class="nav-list"><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/development/developing-modules/guides/" class="nav-list-link">Guides</a><ul class="nav-list"><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/development/developing-modules/guides/scanners/" class="nav-list-link">Scanners</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/development/developing-modules/guides/scanners/how-to-write-a-http-loginscanner-module.html" class="nav-list-link">Writing a HTTP LoginScanner</a><li class="nav-list-item active"><a 
href="/docs/development/developing-modules/guides/scanners/creating-metasploit-framework-loginscanners.html" class="nav-list-link">Writing an FTP LoginScanner</a></ul><li class="nav-list-item active"><a href="/docs/development/developing-modules/guides/how-to-check-microsoft-patch-levels-for-your-exploit.html" class="nav-list-link">How to check Microsoft patch levels for your exploit</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/guides/how-to-use-fetch-payloads.html" class="nav-list-link">How to use Fetch Payloads</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/guides/how-to-use-command-stagers.html" class="nav-list-link">How to use command stagers</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/guides/how-to-write-a-check-method.html" class="nav-list-link">How to write a check method</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/guides/how-to-write-a-cmd-injection-module.html" class="nav-list-link">How to write a cmd injection module</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/guides/how-to-write-a-browser-exploit-using-httpserver.html" class="nav-list-link">Writing a browser exploit</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/guides/how-to-get-started-with-writing-a-post-module.html" class="nav-list-link">Writing a post module</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/guides/how-to-get-started-with-writing-an-auxiliary-module.html" class="nav-list-link">Writing an auxiliary module</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/guides/get-started-writing-an-exploit.html" class="nav-list-link">Writing an exploit</a></ul><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a 
href="/docs/development/developing-modules/external-modules/" class="nav-list-link">External Modules</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/development/developing-modules/external-modules/writing-external-metasploit-modules.html" class="nav-list-link">Overview</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/external-modules/writing-external-golang-modules.html" class="nav-list-link">Writing GoLang Modules</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/external-modules/writing-external-python-modules.html" class="nav-list-link">Writing Python Modules</a></ul><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/development/developing-modules/module-metadata/" class="nav-list-link">Module metadata</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/development/developing-modules/module-metadata/definition-of-module-reliability-side-effects-and-stability.html" class="nav-list-link">Definition of Module Reliability Side Effects and Stability</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/module-metadata/how-to-use-datastore-options.html" class="nav-list-link">How to use datastore options</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/module-metadata/module-reference-identifiers.html" class="nav-list-link">Module Reference Identifiers</a></ul><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/development/developing-modules/libraries/" class="nav-list-link active">Libraries</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/api.html" class="nav-list-link">API</a><li class="nav-list-item active"><a 
href="/docs/development/developing-modules/libraries/how-to-use-msf-auxiliary-authbrute-to-write-a-bruteforcer.html" class="nav-list-link">AuthBrute</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/how-to-cleanup-after-module-execution.html" class="nav-list-link">Cleanup</a><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/development/developing-modules/libraries/c/" class="nav-list-link">Compiling C</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/c/how-to-use-metasploit-framework-compiler-windows-to-compile-c-code.html" class="nav-list-link">Overview</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/c/how-to-decode-base64-with-metasploit-framework-compiler.html" class="nav-list-link">Base64 Support</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/c/how-to-decrypt-rc4-with-metasploit-framework-compiler.html" class="nav-list-link">RC4 Support</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/c/how-to-xor-with-metasploit-framework-compiler.html" class="nav-list-link">XOR Support</a></ul><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/development/developing-modules/libraries/deserialization/" class="nav-list-link">Deserialization</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/deserialization/dot-net-deserialization.html" class="nav-list-link">Dot Net Deserialization</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/deserialization/generating-ysoserial-java-serialized-objects.html" class="nav-list-link">Java 
<div id="main-content" class="main-content" role="main"><p>This page walks through the process of creating an exploit module for vulnerable Git clients.</p><h3 id="building-a-repository"> <a href="#building-a-repository" class="anchor-heading" aria-labelledby="building-a-repository"><svg viewBox="0 0 16 16" aria-hidden="true"><use xlink:href="#svg-link"></use></svg></a> Building a Repository</h3><p>Many of the existing Git exploits in Metasploit rely on being able to host a valid repository that a Git client can successfully clone. So to get started with building an exploit, the contents of the repo need to be decided on first.</p><p>Let’s say that the repository is something like the following:</p><div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>space@vm:~/test-repo$ ls -al
|
||
total 20
|
||
drwxrwxr-x 4 space space 4096 Sep 16 14:06 .
|
||
drwxr-x--- 23 space space 4096 Sep 16 14:05 ..
|
||
drwxrwxr-x 2 space space 4096 Sep 16 14:06 dir
|
||
-rw-rw-r-- 1 space space 10 Sep 16 14:06 file.txt
|
||
drwxrwxr-x 7 space space 4096 Sep 16 14:06 .git
|
||
space@vm:~/test-repo$ ls -al dir
|
||
total 12
|
||
drwxrwxr-x 2 space space 4096 Sep 16 14:06 .
|
||
drwxrwxr-x 4 space space 4096 Sep 16 14:06 ..
|
||
-rw-rw-r-- 1 space space 5 Sep 16 14:06 test_file.txt
|
||
</code></pre></div></div><p>The <code class="language-plaintext highlighter-rouge">.git</code> directory is the only component of the repository that won’t be sent, so the repository will consist of the <code class="language-plaintext highlighter-rouge">file.txt</code>, the <code class="language-plaintext highlighter-rouge">dir</code> folder, and the <code class="language-plaintext highlighter-rouge">test_file.txt</code> file that lives within the <code class="language-plaintext highlighter-rouge">dir</code> folder. Every file and directory inside the repo is represented as a Git object: File contents are represented as blob objects which get coupled together to form a tree object. Lastly, a commit object is created to hold information about the tree object, including the tree’s sha, the author of the commit, a commit message, etc.</p><p>There will need to be two tree objects to represent the contents of <code class="language-plaintext highlighter-rouge">dir</code> and the contents of the root of the repository. Starting with the contents of <code class="language-plaintext highlighter-rouge">dir</code>, a blob object needs to be created to represent the contents of <code class="language-plaintext highlighter-rouge">test_file.txt</code>:</p><div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>space@vm:~/test-repo$ cat dir/test_file.txt
|
||
test
|
||
</code></pre></div></div><p>The <a href="https://github.com/rapid7/metasploit-framework/blob/b1a6d9d30778bed11276ac8685f88d0a4dc98e19/lib/msf/core/exploit/git.rb">Git mixin</a> contains the functionality for building a Git object. To build a blob object, the <code class="language-plaintext highlighter-rouge">build_blob_object()</code> class method should be used:</p><div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>>> contents = "test\n"
|
||
=> "test\n"
|
||
>> blob = Msf::Exploit::Git::GitObject.build_blob_object(contents)
|
||
=>
|
||
#<Msf::Exploit::Git::GitObject:0x00007fe163c75cd0
|
||
</code></pre></div></div><p>The resulting object will contain the object type, its original contents, its compressed contents, its sha1 hash, and its path (where the object will be stored client side; as the commit object dump later on this page shows, the path is the sha1 hash with a <code class="language-plaintext highlighter-rouge">/</code> inserted after its first two characters). Since this will be the only file in the <code class="language-plaintext highlighter-rouge">dir</code> folder, the tree object can be created with <code class="language-plaintext highlighter-rouge">Msf::Exploit::Git::GitObject.build_tree_object()</code>. A tree object is represented differently, holding information about each file contained in the directory, such as file permissions, file name, object type, and the file’s sha1 hash. Because of that, <code class="language-plaintext highlighter-rouge">build_tree_object()</code> expects a hash or an array of hashes, where each hash looks like the following:</p><div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>>> tree_entry =
|
||
{
|
||
mode: '100644',
|
||
file_name: 'test_file.txt',
|
||
sha1: blob.sha1
|
||
}
|
||
</code></pre></div></div><p>And using that, the tree object can now be created:</p><div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>>> tree_object = Msf::Exploit::Git::GitObject.build_tree_object(tree_entry)
|
||
=>
|
||
#<Msf::Exploit::Git::GitObject:0x00007fe161b0cd78
|
||
</code></pre></div></div><p>Now that the <code class="language-plaintext highlighter-rouge">dir</code> folder is represented in Git objects, we can represent the root of the repository. That just requires creating a <code class="language-plaintext highlighter-rouge">blob</code> object for <code class="language-plaintext highlighter-rouge">file.txt</code>, creating a <code class="language-plaintext highlighter-rouge">tree</code> object representing the top-level directory, and finally a commit object.</p><p>Again, a blob object needs to be created to represent the contents of the remaining file:</p><div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>space@vm:~/test-repo$ cat file.txt
|
||
some text
|
||
</code></pre></div></div><div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>>> contents = "some text\n"
|
||
=> "some text\n"
|
||
>> file_blob = Msf::Exploit::Git::GitObject.build_blob_object(contents)
|
||
=>
|
||
#<Msf::Exploit::Git::GitObject:0x00007fe163bf54b8
|
||
...
|
||
</code></pre></div></div><p>Then, a new tree object needs to be created to represent the top-level directory, which includes <code class="language-plaintext highlighter-rouge">file.txt</code> and the <code class="language-plaintext highlighter-rouge">dir</code> folder:</p><div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>?> entries = [
|
||
?> {
|
||
?> mode: '100644',
|
||
?> file_name: 'file.txt',
|
||
?> sha1: file_blob.sha1
|
||
?> },
|
||
?> {
|
||
?> mode: '040000',
|
||
?> file_name: 'dir',
|
||
?> sha1: tree_object.sha1
|
||
?> }
|
||
>> ]
|
||
=> [{:mode=>"100644", :file_name=>"file.txt", :sha1=>"b649a9bf89116c581f8329b8ec3c79a86a70...
|
||
>> top_level_obj = Msf::Exploit::Git::GitObject.build_tree_object(entries)
|
||
</code></pre></div></div><p>The <code class="language-plaintext highlighter-rouge">build_commit_object()</code> method takes a hash containing the sha1 hash of the tree that was created, the sha1 hash of the parent commit if one exists, and optional data such as an author name, email address, company name, commit message, etc. If the caller does not supply the optional fields, <code class="language-plaintext highlighter-rouge">Faker</code> will generate random values for them.</p><div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>>> commit_object = Msf::Exploit::Git::GitObject.build_commit_object(tree_sha1: top_level_obj.sha1)
|
||
=>
|
||
#<Msf::Exploit::Git::GitObject:0x00007fe1533ac848
|
||
...
|
||
>> commit_object
|
||
=>
|
||
#<Msf::Exploit::Git::GitObject:0x00007fe1533ac848
|
||
@compressed=
|
||
"x\x9C\x95\xCEA\x0E\xC2 \x10\x05P\xD7\x9Cb<@\r\x1DZ\xCA\xC2\x18\xE3\xCE\xA8g0XF!\xB6\xD0\x00]x{I\xED\x05\\\xCD\xE4'\xF3\xFE\xF4a\x1C]\x06\x14j\x93#\x11pe\b\el5u]cL#\xD1\x18\xC9\x05\x97\x92\x04*\xF3h\xA5P}\xC7\x89\xE99\xDB\x10\xE1\xEA\x92\xF6&j\xB8\xCC\x93\xD5\x03\xEC\xDF\xCB\xBC\x0Fk~\xB43\ri\xE7)\x1F\xA0\xAEU[\x10l\x05T\x85\xE4\xAC_\xCA3\xFD\xC7\xA8\x0E%\nQ\xE3\xAA\xB0\xB3w\xD9\x95\xA3\x1F\a9@\x98\xC8\xC3\xAB\xEC\x91\xA6\x90\\\x0E\xF1\x03\xCF\xF2\xED\xC9\xF9T\xDD\x82\x8D[\xF6\x05s\xF7P\x89",
|
||
@content=
|
||
"tree 08de2425ae774dd462dd603066e328db5638c70e\nauthor Lisandra Kuphal <kuphal_lisandra@huels.net> 1185328253 -0300\ncommitter Lisandra Kuphal <kuphal_lisandra@huels.net> 872623312 -0300\n\nInitial commit to open git repository for Bins-Mohr!\n",
|
||
@path="01/8856fe17403b0991e5d1d3eb7f62dca4d8e951",
|
||
@sha1="018856fe17403b0991e5d1d3eb7f62dca4d8e951",
|
||
@type="commit">
|
||
</code></pre></div></div><p>That’s all that is needed to create a valid repository in Metasploit.</p><h3 id="hosting-the-repository"> <a href="#hosting-the-repository" class="anchor-heading" aria-labelledby="hosting-the-repository"><svg viewBox="0 0 16 16" aria-hidden="true"><use xlink:href="#svg-link"></use></svg></a> Hosting the Repository</h3><p>Metasploit’s current implementation of the Git protocol works over HTTP (<a href="https://git-scm.com/docs/http-protocol">SmartHttp docs</a>), so to host a malicious repository with Metasploit, the exploit module needs to leverage the <code class="language-plaintext highlighter-rouge">Msf::Exploit::Remote::HttpServer</code> mixin. Additionally, the <a href="https://github.com/rapid7/metasploit-framework/blob/b1a6d9d30778bed11276ac8685f88d0a4dc98e19/lib/msf/core/exploit/git.rb">Git</a> and <a href="https://github.com/rapid7/metasploit-framework/blob/b1a6d9d30778bed11276ac8685f88d0a4dc98e19/lib/msf/core/exploit/git/smart_http.rb">Git SmartHttp</a> mixins need to be included to build objects and create appropriate responses for the client’s requests.</p><p>The module should look similar to other exploit modules that use the HttpServer mixin, defining an <code class="language-plaintext highlighter-rouge">on_request_uri()</code> method, a <code class="language-plaintext highlighter-rouge">primer()</code> method, and an <code class="language-plaintext highlighter-rouge">exploit()</code> method. The <code class="language-plaintext highlighter-rouge">primer()</code> method is first to execute, so setup for things like the repository uri can happen there:</p><div class="language-ruby highlighter-rouge"><div class="highlight"><pre class="highlight"><code> <span class="c1"># Creates a random uri for the Git repo, ensuring that there are no spaces</span>
|
||
<span class="k">def</span> <span class="nf">create_git_uri</span>
|
||
<span class="s2">"/</span><span class="si">#{</span><span class="no">Faker</span><span class="o">::</span><span class="no">App</span><span class="p">.</span><span class="nf">name</span><span class="p">.</span><span class="nf">downcase</span><span class="si">}</span><span class="s2">.git"</span><span class="p">.</span><span class="nf">gsub</span><span class="p">(</span><span class="s1">' '</span><span class="p">,</span> <span class="s1">'-'</span><span class="p">)</span>
|
||
<span class="k">end</span>
|
||
|
||
<span class="c1"># Uses GIT_URI datastore option or randomly generates a repo URI</span>
|
||
<span class="c1"># Registers the URI with the http server and prints the entire path that client should pass to git clone</span>
|
||
<span class="k">def</span> <span class="nf">primer</span>
|
||
<span class="vi">@git_repo_uri</span> <span class="o">=</span> <span class="n">datastore</span><span class="p">[</span><span class="s1">'GIT_URI'</span><span class="p">].</span><span class="nf">empty?</span> <span class="p">?</span> <span class="n">create_git_uri</span> <span class="p">:</span> <span class="n">datastore</span><span class="p">[</span><span class="s1">'GIT_URI'</span><span class="p">]</span>
|
||
<span class="vi">@git_addr</span> <span class="o">=</span> <span class="no">URI</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="n">get_uri</span><span class="p">).</span><span class="nf">merge</span><span class="p">(</span><span class="vi">@git_repo_uri</span><span class="p">)</span>
|
||
<span class="n">print_status</span><span class="p">(</span><span class="s2">"Git repository to clone: </span><span class="si">#{</span><span class="vi">@git_addr</span><span class="si">}</span><span class="s2">"</span><span class="p">)</span>
|
||
<span class="n">hardcoded_uripath</span><span class="p">(</span><span class="vi">@git_repo_uri</span><span class="p">)</span>
|
||
<span class="k">end</span>
|
||
</code></pre></div></div><p>Next, the <code class="language-plaintext highlighter-rouge">exploit()</code> method can be used to set up the repository. The code used in the <code class="language-plaintext highlighter-rouge">Building a Repository</code> section can be placed here before entering the listen / accept loop.</p><p>The <code class="language-plaintext highlighter-rouge">on_request_uri()</code> method is where most of the module logic will live. No matter what the client sends, the request should first be parsed by <code class="language-plaintext highlighter-rouge">Msf::Exploit::Git::SmartHttp::Request.parse_raw_request()</code>. The <code class="language-plaintext highlighter-rouge">parse_raw_request()</code> method will format the request so it is easier to work with. The first request that a client will send when cloning a repository is a reference discovery request. The client will expect things like server capabilities and the reference that <code class="language-plaintext highlighter-rouge">HEAD</code> points to in the response. This is a simple repo with only one branch, so <code class="language-plaintext highlighter-rouge">HEAD</code> will point to <code class="language-plaintext highlighter-rouge">refs/heads/master</code> and <code class="language-plaintext highlighter-rouge">refs/heads/master</code> will point to the latest commit in the repo, which in this case is the only commit in the repo. This can be represented as the following hash:</p><div class="language-ruby highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="n">refs</span> <span class="o">=</span>
|
||
<span class="p">{</span>
|
||
<span class="s1">'HEAD'</span> <span class="o">=></span> <span class="s1">'refs/heads/master'</span><span class="p">,</span>
|
||
<span class="s1">'refs/heads/master'</span> <span class="o">=></span> <span class="n">commit_object</span><span class="p">.</span><span class="nf">sha1</span>
|
||
<span class="p">}</span>
|
||
</code></pre></div></div><p>Creating a proper response to a <code class="language-plaintext highlighter-rouge">ref-discovery</code> request is done through <code class="language-plaintext highlighter-rouge">Msf::Exploit::Git::SmartHttp.get_ref_discovery_response()</code>. It takes two parameters: the request object from <code class="language-plaintext highlighter-rouge">parse_raw_request()</code> and the above <code class="language-plaintext highlighter-rouge">refs</code> hash (the snippet below assumes it has been stored in the <code class="language-plaintext highlighter-rouge">@refs</code> instance variable). After the response is built, it can be sent back to the client:</p><div class="language-ruby highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="n">response</span> <span class="o">=</span> <span class="n">get_ref_discovery_response</span><span class="p">(</span><span class="n">request</span><span class="p">,</span> <span class="vi">@refs</span><span class="p">)</span>
|
||
<span class="n">cli</span><span class="p">.</span><span class="nf">send_response</span><span class="p">(</span><span class="n">response</span><span class="p">)</span>
|
||
</code></pre></div></div><p>If the client successfully receives the <code class="language-plaintext highlighter-rouge">ref-discovery</code> response, it will then send an <code class="language-plaintext highlighter-rouge">upload-pack</code> request. The <code class="language-plaintext highlighter-rouge">upload-pack</code> request is a <code class="language-plaintext highlighter-rouge">POST</code> request containing the client’s capabilities and a ‘want’ list for objects in the repository. To create a proper response, the <code class="language-plaintext highlighter-rouge">Msf::Exploit::Git::SmartHttp.get_upload_pack_response()</code> method should be used. Again, this method accepts two arguments. The first is the parsed request from the client, and the second is an array of all objects that exist in the repo (the snippet below assumes they are held in the <code class="language-plaintext highlighter-rouge">@git_objs</code> instance variable). The <code class="language-plaintext highlighter-rouge">get_upload_pack_response()</code> method will check the sha1 hash of each object against the hashes in the want list that the client sent and send only the requested object hashes.</p><div class="language-ruby highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="n">response</span> <span class="o">=</span> <span class="n">get_upload_pack_response</span><span class="p">(</span><span class="n">request</span><span class="p">,</span> <span class="vi">@git_objs</span><span class="p">)</span>
|
||
<span class="n">cli</span><span class="p">.</span><span class="nf">send_response</span><span class="p">(</span><span class="n">response</span><span class="p">)</span>
|
||
</code></pre></div></div><p>Upon receiving the <code class="language-plaintext highlighter-rouge">upload-pack</code> response from the server, the client will build out the repository.</p><p>Putting it all together, the module should look something like the following:</p><div class="language-ruby highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c1">##</span>
|
||
<span class="c1"># This module requires Metasploit: https://metasploit.com/download</span>
|
||
<span class="c1"># Current source: https://github.com/rapid7/metasploit-framework</span>
|
||
<span class="c1">##</span>
|
||
|
||
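# Example module from the Git mixin guide. It runs an HTTP server that answers
# Git smart-HTTP requests and serves a small, fixed repository (file.txt and
# dir/test_file.txt) to whichever client clones the printed URL. The repository
# holds only those two text files, and this class does no client filtering.
class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Git
  include Msf::Exploit::Git::SmartHttp
  include Msf::Exploit::Remote::HttpServer

  # Registers the module metadata and its options.
  #
  # @param info [Hash] metadata passed in by the framework, merged through update_info
  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Git Clone Test',
        'Description' => %q{
        },
        'License' => MSF_LICENSE,
        'Author' => [ ],
        'References' => [ ],
        'DisclosureDate' => '2022-09-22',
        'Platform' => [ 'unix' ],
        'Arch' => ARCH_CMD,
        'Targets' => [
          [ 'Automatic Target', {}]
        ],
        'DefaultTarget' => 0,
        'Notes' => {}
      )
    )

    register_options(
      [
        OptString.new('GIT_URI', [ false, 'The URI to use as the malicious Git instance (empty for random)', '' ])
      ]
    )

    # The module waits for Git clients to connect, so the remote host and port
    # options are dropped.
    deregister_options('RHOSTS', 'RPORT')
  end

  # Builds the repository objects first, then hands control to the parent
  # implementation.
  def exploit
    setup_repo_structure
    super
  end

  # Builds every Git object of the served repository and stores them in
  # @git_objs, and stores the ref table in @refs.
  #
  # Resulting layout:
  #   file.txt            ("some text\n")
  #   dir/test_file.txt   ("test\n")
  def setup_repo_structure
    git_object = Msf::Exploit::Git::GitObject

    # blob for the contents of 'test_file.txt'
    contents = "test\n"
    blob = git_object.build_blob_object(contents)

    # tree for the 'dir' folder, which holds 'test_file.txt'
    tree_entry = {
      mode: '100644',
      file_name: 'test_file.txt',
      sha1: blob.sha1
    }
    tree_object = git_object.build_tree_object(tree_entry)

    # blob for the contents of 'file.txt'
    contents = "some text\n"
    file_blob = git_object.build_blob_object(contents)

    # tree for the top-level directory of the repository
    entries = [
      {
        mode: '100644',
        file_name: 'file.txt',
        sha1: file_blob.sha1
      },
      {
        mode: '040000',
        file_name: 'dir',
        sha1: tree_object.sha1
      }
    ]
    top_level_obj = git_object.build_tree_object(entries)

    # commit pointing at the top-level tree
    commit_object = git_object.build_commit_object(tree_sha1: top_level_obj.sha1)

    # Objects of the repository, in the order the client will request them
    # while it rebuilds the repository.
    # NOTE(review): tree_object is listed twice, exactly as in the original
    # example; confirm whether the duplicate is intended.
    @git_objs = [
      commit_object, top_level_obj, tree_object,
      file_blob, tree_object, blob
    ]

    # HEAD is a symbolic ref to master, and master points at the commit.
    @refs = {
      'HEAD' => 'refs/heads/master',
      'refs/heads/master' => commit_object.sha1
    }
  end

  # Returns a random repository path of the form "/<app-name>.git", lower-cased
  # and with spaces replaced by dashes.
  def create_git_uri
    "/#{Faker::App.name.downcase}.git".gsub(' ', '-')
  end

  # Chooses the repository URI, prints the full clone URL and registers the
  # path with the HTTP server.
  def primer
    # GIT_URI is optional and may be nil (for example after it has been unset);
    # to_s keeps the emptiness check from raising NoMethodError in that case.
    git_uri = datastore['GIT_URI'].to_s
    @git_repo_uri = git_uri.empty? ? create_git_uri : git_uri
    @git_addr = URI.parse(get_uri).merge(@git_repo_uri)
    print_status("Git repository to clone: #{@git_addr}")
    hardcoded_uripath(@git_repo_uri)
  end

  # Handles one HTTP request from a Git client.
  #
  # The raw request is parsed as a Git smart-HTTP request and answered by type:
  # 'ref-discovery' gets the ref table, 'upload-pack' gets the repository
  # objects. Any other type, or a nil response from a helper, ends in fail_with.
  # The two response helpers are presumably provided by the SmartHttp mixin.
  #
  # @param cli the client connection the response is sent on
  # @param req the raw HTTP request received by the server
  def on_request_uri(cli, req)
    request = Msf::Exploit::Git::SmartHttp::Request.parse_raw_request(req)
    case request.type
    when 'ref-discovery'
      response = get_ref_discovery_response(request, @refs)
      fail_with(Failure::UnexpectedReply, 'Git client did not send a valid ref-discovery request') unless response
    when 'upload-pack'
      response = get_upload_pack_response(request, @git_objs)
      fail_with(Failure::UnexpectedReply, 'Git client did not send a valid upload-pack request') unless response
    else
      fail_with(Failure::UnexpectedReply, 'Git client did not send a valid request')
    end

    cli.send_response(response)
  end
end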
|
||
</code></pre></div></div><h3 id="running-the-module"> <a href="#running-the-module" class="anchor-heading" aria-labelledby="running-the-module"><svg viewBox="0 0 16 16" aria-hidden="true"><use xlink:href="#svg-link"></use></svg></a> Running the module</h3><p>The module starts the HTTP server and prints the URL of the repository to clone. This test module only serves a repository and delivers no payload, so the "no session was created" message in the output below is expected.</p><div class="language-msf highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="zp">msf</span> <span class="p">></span> use exploit/multi/http/git_clone_test
|
||
<span class="zs">[*]</span> No payload configured, defaulting to cmd/unix/python/meterpreter/reverse_tcp
|
||
<span class="zp">msf</span> exploit<span class="p">(</span><span class="kc">multi/http/git_clone_test</span><span class="p">)</span> <span class="p">></span> set srvport 9999
|
||
srvport => 9999
|
||
<span class="zp">msf</span> exploit<span class="p">(</span><span class="kc">multi/http/git_clone_test</span><span class="p">)</span> <span class="p">></span> set lhost 192.168.140.1
|
||
lhost => 192.168.140.1
|
||
<span class="zp">msf</span> exploit<span class="p">(</span><span class="kc">multi/http/git_clone_test</span><span class="p">)</span> <span class="p">></span> set srvhost 192.168.140.1
|
||
srvhost => 192.168.140.1
|
||
<span class="zp">msf</span> exploit<span class="p">(</span><span class="kc">multi/http/git_clone_test</span><span class="p">)</span> <span class="p">></span> run
|
||
<span class="zs">[*]</span> Exploit running as background job 0.
|
||
<span class="zs">[*]</span> Exploit completed, but no session was created.
|
||
|
||
<span class="zp">msf</span> exploit<span class="p">(</span><span class="kc">multi/http/git_clone_test</span><span class="p">)</span> <span class="p">></span> [*] Started reverse TCP handler on 192.168.140.1:4444
|
||
<span class="zs">[*]</span> Using URL: http://192.168.140.1:9999/MOYuJfC
|
||
<span class="zs">[*]</span> Server started.
|
||
<span class="zs">[*]</span> Git repository to clone: http://192.168.140.1:9999/y-find.git
|
||
</code></pre></div></div><p>Once the repository is cloned, you should expect to see the same contents as the <code class="language-plaintext highlighter-rouge">test-repo</code> at the beginning of this document:</p><div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>space@ubuntu:~$ git clone http://192.168.140.1:9999/y-find.git
|
||
Cloning into 'y-find'...
|
||
remote: Enumerating objects: 6, done.
|
||
remote: Counting objects: 100% (6/6), done.
|
||
remote: Compressing objects: 100% (6/6), done.
|
||
remote: Total 6 (delta 0), reused 0 (delta 0), pack-reused 0
|
||
Unpacking objects: 100% (6/6), 401 bytes | 200.00 KiB/s, done.
|
||
space@ubuntu:~$ cd y-find
|
||
space@ubuntu:~/y-find$ ls -al
|
||
total 20
|
||
drwxrwxr-x 4 space space 4096 Sep 22 12:05 .
|
||
drwxr-x--- 22 space space 4096 Sep 22 12:05 ..
|
||
drwxrwxr-x 2 space space 4096 Sep 22 12:05 dir
|
||
-rw-rw-r-- 1 space space 10 Sep 22 12:05 file.txt
|
||
drwxrwxr-x 8 space space 4096 Sep 22 12:05 .git
|
||
space@ubuntu:~/y-find$ cat dir/test_file.txt
|
||
test
|
||
space@ubuntu:~/y-find$ cat file.txt
|
||
some text
|
||
</code></pre></div></div>