Please go ahead ONLY if you have COMPLETED the lab or you are stuck! Checking the solutions before actually trying the concepts and techniques you studied in the course will dramatically reduce the benefits of a hands-on lab! Goal after completing this scenario: Exploit the Gitlab server using a malicious. A vulnerable machine GitLab server deployed on. In this lab environment, the user will access a Kali GUI instance. The CVE assigned to this vulnerability is CVE-2021-22204. In this lab, we targeted the Gitlab server, where the git server was not correctly validating image files passed to a file parser, resulting in remote command execution. The vulnerability severity base score is 7.8. Many python scripts and a Metasploit module are available to generate the malicious image file. Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image. One issue in the Gitlab lab was exploited due to a vulnerability found in the ExifTool tool. Gitlab uses this tool as a dependency for their product. The ExifTool is used in many significant applications such as Gitlab. In 2021, a critical vulnerability was found in the ExifTool tool. Technical difficulty: Beginner Introduction Also, we will use Metasploit Framework to generate a malicious image that gives us a meterpreter session. Purpose: We are learning how to manually exploit the Gitlab server running the ExifTool vulnerable version to better understand the vulnerability. Subscribe or sign up for a 7-day, risk-free trial with INE and access this lab and a robust library covering the latest in Cyber Security, Networking, Cloud, and Data Science! In our lab walkthrough series, we go through selected lab exercises on our INE Platform.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |