Module: Msf::Exploit::Git::Lfs

Included in:
Response
Defined in:
lib/msf/core/exploit/git/lfs.rb,
lib/msf/core/exploit/git/lfs/response.rb

Defined Under Namespace

Classes: Response

Instance Method Summary

Instance Method Details

#generate_pointer_file(obj_data) ⇒ Object



# File 'lib/msf/core/exploit/git/lfs.rb', line 5

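# Builds the text of a Git LFS pointer file for the given object data.
#
# The pointer consists of three newline-terminated lines: the spec version
# URL, the SHA-256 object id of the data, and the size of the data.
#
# @param obj_data [String, nil] raw content of the object
# @return [String] the pointer file text, or an empty string when there is
#   no data to describe
def generate_pointer_file(obj_data)
  return '' if obj_data.nil? || obj_data.empty?

  # The size line must agree with the bytes that were hashed for the oid.
  # String#length counts characters, so multibyte text would be reported
  # too small; bytesize counts the bytes.
  [
    'version https://git-lfs.github.com/spec/v1',
    "oid sha256:#{Digest::SHA256.hexdigest(obj_data)}",
    "size #{obj_data.bytesize}"
  ].map { |line| "#{line}\n" }.join
end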

#get_batch_response(request, server_addr, repo_objects) ⇒ Msf::Exploit::Git::Lfs::Response

Generates a Git LFS response to a batch request

Parameters:

  • request (Rex::Proto::Http::Request)

    The Git LFS request

  • server_addr (String)

    The URL of the Git server

  • repo_objects (Array)

    The list of objects in the Git repo

Returns:



# File 'lib/msf/core/exploit/git/lfs.rb', line 22

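# Generates a Git LFS response to a batch request.
#
# @param request [Rex::Proto::Http::Request] The Git LFS request
# @param server_addr [String] The URL of the Git server; other values are
#   converted with #to_s
# @param repo_objects [Array] The list of objects in the Git repo; a single
#   object is wrapped in an Array
# @return [Msf::Exploit::Git::Lfs::Response, nil] the response, or nil when
#   Response.from_http_request returns nothing for the request
def get_batch_response(request, server_addr, repo_objects)
  # Remove every "/<word characters>.git" segment from the address.
  # NOTE(review): \w does not match '-' or '.', so such repository names are
  # left in place; confirm that is intended.
  base_url = server_addr.to_s.gsub(%r{/\w+\.git}, '')
  objects = repo_objects.kind_of?(Array) ? repo_objects : [repo_objects]

  response = Msf::Exploit::Git::Lfs::Response.from_http_request(request, base_url)
  return nil unless response

  # Only a response that is still 200 but names objects outside the repo is
  # reported here. NOTE(review): a response whose code is already not 200
  # falls through and gets a body built from valid_objs; verify against
  # Response#valid_objects? that this is the intended handling.
  unless response.valid_objects?(objects) || response.code != 200
    print_error('Client requested objects not in repository')
    return response
  end

  lifetime = 3600
  # The format string ends in a literal 'Z' (UTC designator), so the time has
  # to be converted to UTC first; formatting local time would advertise an
  # expiry shifted by the host's UTC offset.
  expires_at = (Time.now.utc + lifetime).strftime('%FT%TZ')

  entries = response.valid_objs.map do |obj|
    sha = Msf::Exploit::Git::Lfs::Response.obj_sha256(obj.content)
    {
      'oid' => sha,
      'size' => obj.content.size,
      'actions' => {
        'download' => {
          'href' => "#{response.base_addr}/#{sha}",
          'expires_at' => expires_at,
          'expires_in' => lifetime
        }
      }
    }
  end

  response.body = { 'objects' => entries }.to_json

  response
end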

#get_requested_obj_response(request, repo_objects) ⇒ Msf::Exploit::Git::Lfs::Response

Generates a response to a Git LFS object request

Parameters:

Returns:



# File 'lib/msf/core/exploit/git/lfs.rb', line 66

# Generates a response to a Git LFS object request.
#
# @param request [Rex::Proto::Http::Request] the Git LFS object request
# @param repo_objects [Array] objects in the Git repo; a single object is
#   wrapped in an Array
# @return [Msf::Exploit::Git::Lfs::Response, nil] the response, or nil when
#   Response.from_http_request returns nothing for the request
def get_requested_obj_response(request, repo_objects)
  candidates = repo_objects.kind_of?(Array) ? repo_objects : [repo_objects]

  response = Msf::Exploit::Git::Lfs::Response.from_http_request(request)
  return nil unless response

  # Report only the case where the response is still 200 but the requested
  # object is not among the repo objects; the response goes back as-is.
  if !response.valid_objects?(candidates) && response.code == 200
    print_error('Client requested an object that is not in the repository')
    return response
  end

  # NOTE(review): assumes valid_objs holds at least one entry at this point;
  # an empty list would raise on nil - confirm against Response.
  matched = response.valid_objs.first
  response.body = matched.content

  response
end