Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

SSH ProxyCommand == unexpected code execution (CVE-2023-51385) - 1306

Vin01 - Posted 2 Years Ago
  • The SSH ProxyCommand option is used for proxying SSH connections. In particular, a custom command can be used to connect to the server. These commands can contain variables, such as %h for the hostname or %p for the port.
  • These parameters are not sanitized when they are substituted into the SSH proxy command. So, a malicious host, port or one of many other values could be used to get command injection in the SSH proxying setup.
  • At first, I didn't understand where this came from. They provided a command from GitHub for a PoC. In this example, the submodule files contain ssh://`open -aCalculator`foo.example.com/bar, which creates a command injection on the proxy setup.
  • Be careful what you download! This could have been exploited to torch people using git in many different ways. Awesome, yet simple bug in an everyday system.
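
A defensive check for the submodule case described above, as an added example (not code from the original post or from OpenSSH): it scans `.gitmodules` content for SSH URLs whose user or host part falls outside a conservative allowlist, which is what would reach %h or %r in a ProxyCommand. The function names, the allowlist and the sample file are assumptions made for illustration, and the check also covers scp-style URLs, which the post does not mention.

```python
import re

# Assumption: a conservative allowlist. Hosts may contain letters, digits,
# dot, hyphen, underscore, and ':' '[' ']' for ports and IPv6 literals.
SAFE_HOST = re.compile(r"^[A-Za-z0-9._\-\[\]:]+$")
SAFE_USER = re.compile(r"^[A-Za-z0-9._\-]+$")
URL_LINE = re.compile(r"^\s*url\s*=\s*(.+?)\s*$")

# Constructed sample .gitmodules; the second URL is the one quoted above.
SAMPLE = """\
[submodule "ok"]
    path = ok
    url = ssh://git@git.example.com:2222/team/ok.git
[submodule "poc"]
    path = poc
    url = ssh://`open -aCalculator`foo.example.com/bar
[submodule "web"]
    path = web
    url = https://example.com/web.git
"""

def split_ssh_url(url):
    """Return (user, host) for ssh:// and scp-style URLs, else None."""
    if url.startswith("ssh://"):
        authority = url[len("ssh://"):].split("/", 1)[0]
    elif "://" not in url and ":" in url and not url.startswith(("/", ".")):
        authority = url.split(":", 1)[0]  # scp-style: user@host:path
    else:
        return None  # not handed to ssh, so not relevant here
    user, _, host = authority.rpartition("@")
    return user, host

def audit_gitmodules(text):
    """Return [(url, field)] for SSH URLs with an unsafe user or host."""
    findings = []
    for line in text.splitlines():
        m = URL_LINE.match(line)
        parts = split_ssh_url(m.group(1)) if m else None
        if parts is None:
            continue
        user, host = parts
        if not SAFE_HOST.match(host):
            findings.append((m.group(1), "host"))
        elif user and not SAFE_USER.match(user):
            findings.append((m.group(1), "user"))
    return findings

if __name__ == "__main__":
    for url, field in audit_gitmodules(SAMPLE):
        print(f"suspicious {field} in submodule URL: {url}")
```

Running this over a repository's `.gitmodules` before updating submodules flags entries like the one in the PoC while leaving ordinary SSH and HTTPS URLs alone.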