Gitlab RCE - Remote Code Execution

Last update: Nov 09, 2022

Overview

Gitlab RCE - Remote Code Execution

RCE for old gitlab version <= 11.4.7 & 12.4.0-12.8.1

LFI for old gitlab versions 10.4 - 12.8.1

This is an exploit for old Gitlab versions. This shouldnt work in the wild but it still seems to be popular in CTFs. Educational use only. Illegal things are illegal.

CVEs: CVE-2018-19571 (SSRF) + CVE-2018-19585 (CRLF) & CVE-2020-10977

credits:

https://www.youtube.com/watch?v=LrLJuyAdoAg - LiveOverflow
https://github.com/jas502n/gitlab-SSRF-redis-RCE - jas502n
https://hackerone.com/reports/827052 - vakzz
partly inspired by the gitlab RCE metasploit module

usage:

python gitlab_rce.py

You might or might not have to tweak this a bit.

THERE ARE ~~ABSOLUTELY !!NO!!~~ ~~VERY~~ A FEW CHECKS OR ERROR HANDLING!

needs a HUGE refactor some time in the future.

Owner

pwner of boxes - capturer of flags

GitHub Repository

log4j2 passive burp rce scanning tool get post cookie full parameter recognition

log4j2_burp_scan 自用脚本log4j2 被动 burp rce扫描工具 get post cookie 全参数识别，在ceye.io api速率限制下，最大线程扫描每一个参数，记录过滤已检测地址，重复地址 token替换为你自己的http://ceye.io/ token 和域名地址

5 Dec 10, 2021

带回显版本的漏洞利用脚本

CVE-2021-21978 带回显版本的漏洞利用脚本，更简单的方式 0. 漏洞信息 VMware View Planner Web管理界面存在一个上传日志功能文件的入口，没有进行认证且写入的日志文件路径用户可控，通过覆盖上传日志功能文件log_upload_wsgi.py，即可实现RCE 漏洞代码

24 Nov 09, 2022

A Tool to find subdomains from hackerone reports.

Hactivity A Tool to find subdomains from Hackerone reports of a given company or a search term (xss, ssrf, etc). It can also print out URL and Title o

15 Jul 24, 2022

Bug Alert: a service for alerting security and IT professionals of high-impact and 0day vulnerabilities

Bug Alert Bug Alert is a service for alerting security and IT professionals of h

208 Dec 15, 2022

CloudFlare reconnaissance, tries to uncover the IP behind CF.

8 Dec 03, 2021

Osint-Tool - Information collection tool in python

Osint-Tool Herramienta para la recolección de información Pronto más opciones In

3 Apr 09, 2022

Python & JavaScript Obfuscator made in Python 3.

Python Code Obfuscator A script that converts code into full on random numerical expressions. Simple Scripts: Python Mode... Input: Function that deco

1 Dec 29, 2021

We protect the privacy of the data on your computer by using the camera of your Debian based Pardus operating system. 🕵️

Pardus Lookout We protect the privacy of the data on your computer by using the camera of your Debian based Pardus operating system. The application i

19 Nov 18, 2022

evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.

Introduction evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files. It can process a high numbe

116 Dec 29, 2022

Web Scraping com Python - Raspando Vagas para Programadores

Web Scraping com Python - Raspando Vagas para Programadores Sobre o Projeto Web

3 Dec 30, 2021

SSRF search vulnerabilities exploitation extended.

This tool search for SSRF using predefined settings in different parts of a request (path, host, headers, post and get parameters).

13 Jul 04, 2021

This is the fuzzer I made to fuzz Preview on macOS and iOS like 8years back when I just started fuzzing things.

Fuzzing PDFs like its 1990s This is the fuzzer I made to fuzz Preview on macOS and iOS like 8years back when I just started fuzzing things. Some discl

14 Sep 30, 2022

Moodle community-based vulnerability scanner

badmoodle Moodle community-based vulnerability scanner Description badmoodle is an unofficial community-based vulnerability scanner for moodle that sc

11 Dec 22, 2022

A Python application to predict what is cooking

ez-cuisine-classifier A Python application to predict what is cooking Environment Python 3.9 Windows 10 Install python -m venv venv .\venv\Scripts\act

1 Jun 21, 2022

edgedressing leverages a Windows "feature" in order to force a target's Edge browser to open. This browser is then directed to a URL of choice.

edgedressing One day while experimenting with airpwn-ng, I noticed unexpected GET requests on the target node. The node in question happened to be a W

43 Dec 23, 2022

Gitlab RCE - Remote Code Execution

Related tags

Overview

Gitlab RCE - Remote Code Execution

Owner

log4j2 passive burp rce scanning tool get post cookie full parameter recognition

带回显版本的漏洞利用脚本

A Tool to find subdomains from hackerone reports.

Bug Alert: a service for alerting security and IT professionals of high-impact and 0day vulnerabilities

CloudFlare reconnaissance, tries to uncover the IP behind CF.

Osint-Tool - Information collection tool in python

Python & JavaScript Obfuscator made in Python 3.

We protect the privacy of the data on your computer by using the camera of your Debian based Pardus operating system. 🕵️

evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.

Web Scraping com Python - Raspando Vagas para Programadores

SSRF search vulnerabilities exploitation extended.

This is the fuzzer I made to fuzz Preview on macOS and iOS like 8years back when I just started fuzzing things.

Moodle community-based vulnerability scanner

A Python application to predict what is cooking

edgedressing leverages a Windows "feature" in order to force a target's Edge browser to open. This browser is then directed to a URL of choice.

Security system to prevent Shoulder Surfing Attacks

A secure way of storing your passwords.

Port scanning tool that uses Python3. Created by Noble Wilson

Chapter 1 of the AWS Cookbook

This program is a WiFi cracker, you can test many passwords for a desired wifi to find the wifi password!