Git LFS (git-lfs) - Remote Code Execution (RCE) exploit CVE-2020-27955 - Clone to Pwn

Posted by Dawid Golunski on Nov 05

/*
Go PoC exploit for git-lfs – Remote Code Execution (RCE)
vulnerability CVE-2020-27955
git-lfs-RCE-exploit-CVE-2020-27955.go

Discovered by Dawid Golunski
https://legalhackers.com
https://exploitbox.io

Affected (RCE exploit):
Git / GitHub CLI / GitHub Desktop / Visual Studio / GitKraken /
SmartGit / SourceTree etc.
Basically the whole Windows dev world which uses git.

Usage:
Compile: go build…

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Original Source

Tags: cyber, exploit, full disclosure, OSINT, seclist, Security, threatintel, vulnerabilities, vulnerability, vulns

Git LFS (git-lfs) – Remote Code Execution (RCE) exploit CVE-2020-27955 – Clone to Pwn

Original Source

Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials

CACTUS Ransomware Victim: https://www[.]ebir[.]com/

CACTUS Ransomware Victim: https://www[.]concordegroup[.]ca/

CACTUS Ransomware Victim: https://www[.]coastalcargogroup[.]com/

CACTUS Ransomware Victim: https://www[.]saglobal[.]com/

Original Source

You may have missed

Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials

CACTUS Ransomware Victim: https://www[.]ebir[.]com/

CACTUS Ransomware Victim: https://www[.]concordegroup[.]ca/

CACTUS Ransomware Victim: https://www[.]coastalcargogroup[.]com/

CACTUS Ransomware Victim: https://www[.]saglobal[.]com/