Refactored exploit code for Gitstack remote code execution vulnerability Original code can be found here
- A pseudoshell is opened up for executing multiple commands.
- The user has the option to force the script to not execute certain prerequisites (creation of user, repo, etc).
- Will attempt to perform SSL connection
- Can specify parameters for more specific control (user, repository name, password etc.)
- Compatible with python3 instead of python2
- target (required): Target IP or hostname
- basedir: The base directory of webmin (default: /)
- ssl: Specify to use SSL", default="http://
- port: Port for Gitstack. Default is 80.
- user: User to create. Default is 'rce'
- password: Password for user. Default is 'rce'
- repo: Repository to create for exploit. Default is 'rce'
- force: Force exploitation with no checks or repository creation
- accessible: Remove ascii art
P.S. If you are using this for the Wreath lab make sure you change the name of the PHP file at the end...