2157 matches found
RubyGems DNS request hijacking vulnerability
RubyGems version 2.6.12 and earlier is vulnerable to DNS hijacking that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls...
From the SSRF execution chain to RCE: how I used four vulnerabilities in GitHub Enterprise
In the past few months, I have been seriously preparing my talk content for Black Hat USA 2017 and DEF CON 25; becoming a Black Hat and DEF CON speaker has always been a very important goal in my life. In addition, this is also my first time in such a formal occasio...
Gitrob - Reconnaissance Tool for GitHub Organizations
Gitrob is a command line tool which can help organizations and security professionals find sensitive information lingering in publicly available files on GitHub. The tool will iterate over all public organization and member repositories and match filenames against a range of patterns for files th...
RubyGems: Installing a crafted gem package may create or overwrite files
There is no check for the name field in metadata.gz. By assigning a maliciously crafted string like ../../../../../any/where to the field, an attacker can create an arbitrary file outside the directory of the gem, or even replace an existing file with a malicious file. Proof of Concept 1: Create a fil...
RubyGems: No limit of summary length allows Denial of Service
Currently, there is no limit for summary length. I think pushing a gem whose summary is huge will make gem search unavailable. This is not Arbitrary Code Execution, but really easy to attack. According to the CVSS v3.0 Calculator, the severity is High 7.5. How to attack: 1. An attacker creates a gem...
RubyGems: Escape sequence injection in "summary" field
Seems we can include any escape sequence in the "summary" field of gemspec. This allows attackers to inject escape sequences to a victim's terminal emulator. How to attack: 1. An attacker creates a gem with a summary string that includes malicious escape sequences, and pushes it to rubygems.org. 2. A...
RubyGems: Request Hijacking Vulnerability in RubyGems 2.6.11 and earlier
Description: The RubyGems client supports a gem server API discovery functionality, which is used when pushing or pulling gems to a gem distribution/hosting server, like RubyGems.org. This functionality is provided via an SRV DNS request to the user's gem source hostname prepended with...
Man-In-The-Middle (MitM)
excon is vulnerable to man-in-the-middle (MitM) attacks. The rubygems source is deprecated because HTTP requests are insecure. A malicious user can potentially compromise the source to conduct MitM attacks...
Man-in-the-Middle (MitM)
introspection is vulnerable to man-in-the-middle (MitM) attacks. The vulnerability exists due to the usage of source :rubygems. This causes an insecure connection to be made to rubygems when downloading external packages. A malicious user can potentially compromise the source to conduct MitM attacks...
Man-in-the-Middle (MitM)
delayedjobactiverecord is vulnerable to man-in-the-middle attacks. The vulnerability exists due to the usage of source :rubygems. This causes insecure connections to rubygems to be made. A malicious user can potentially compromise the source to conduct MitM attacks...
Man-in-the-Middle (MitM)
settingslogic is vulnerable to man-in-the-middle (MitM) attacks. The rubygems source is deprecated because HTTP requests are insecure. A malicious user can potentially compromise the source to conduct MitM attacks...
Man-in-the-Middle (MitM)
puppet is vulnerable to man-in-the-middle (MitM) attacks. The rubygems source is deprecated because HTTP requests are insecure. A malicious user can potentially compromise the source to conduct MitM attacks...
Man-In-The-Middle (MitM)
thriftclient is vulnerable to man-in-the-middle attacks. The rubygems source is deprecated because HTTP requests are insecure. A malicious user can potentially compromise the source to conduct man-in-the-middle attacks...
Man In The Middle (MitM)
appraisal is vulnerable to man-in-the-middle (MitM) attacks. The rubygems source is deprecated because HTTP requests are insecure. A malicious user can potentially compromise the source to conduct man-in-the-middle attacks...
Man In The Middle (MitM)
bourne is vulnerable to man-in-the-middle (MitM) attacks. The rubygems source is deprecated because HTTP requests are insecure. A malicious user can potentially compromise the source to conduct man-in-the-middle attacks...
Man In The Middle (MitM)
fpm is vulnerable to man-in-the-middle (MitM) attacks. The rubygems source is deprecated, meaning a malicious user can potentially compromise the source to conduct man-in-the-middle attacks...
Man-in-the-Middle (MitM)
nio4r is vulnerable to man-in-the-middle (MitM) attacks. The rubygems source is deprecated, meaning a malicious user can potentially compromise the source to conduct a man-in-the-middle attack...
Man-in-the-Middle (MitM)
maildir is vulnerable to man-in-the-middle (MitM) attacks. The rubygems source uses insecure HTTP, meaning a malicious user can potentially compromise the source to conduct a man-in-the-middle attack...
Man In The Middle (MitM)
google-api-client is vulnerable to man-in-the-middle (MitM) attacks. The rubygems source is deprecated, meaning a malicious user can potentially compromise the source to conduct man-in-the-middle attacks...
BinProxy - BinProxy is a proxy for arbitrary TCP connections
BinProxy is a proxy for arbitrary TCP connections. You can define custom message formats using the BinData gem. Installation prerequisites: Ruby 2.3 or later. A C compiler, Ruby headers, etc., are needed to compile several dependencies. On Ubuntu, sudo apt install build-essential ruby-dev should do...