CVE-2018-11235: Git Submodule RCE

This exercise details the exploitation of a vulnerability in Git Sub module that can be used to get command execution

2-4 Hrs.
Orange Badge


In this course, we delve into the exploitation of a remote command execution vulnerability in Git, documented as CVE-2018-11235. The vulnerability can be weaponized to target users who clone a remote directory, potentially allowing malicious code execution on their systems. The course walks you through the process of setting up your own Git repository using Apache2, as popular hosting services like GitHub and GitLab have implemented protections against this attack.

You will learn step-by-step instructions to create a malicious Git repository, including configuring submodules and injecting directory traversal techniques. By the end of the course, you will have a comprehensive understanding of how to exploit this vulnerability, along with a better grasp of Git's internal structure and the security measures necessary to safeguard against such attacks.

Want to learn more? Get started with PentesterLab Pro! GO PRO