SSH has an option called Prox圜ommand, which specifies a command which is executed before performing the actual SSH connection.Ĭombining all together it is possible to execute arbitrary system commands on the host of a victim by forcing them into opening a malicious link. While connecting the following command is executed: ssh -T -D $RANDOM_PORT "$REMOTE_HOST" bashĪs no sanitization is performed on the $REMOTE_HOST user-supplied input it is possible to inject arbitrary arguments to the SSH binary. ![]() Once a user browses an URI as the previous one, VSCode is opened and the extension tries to connect to the $REMOTE_HOST. Specifically, the format is the following: vscode://vscode-remote/ssh-remote+$REMOTE_HOST+$PATH_OF_PROJECT_ON_THE_REMOTE_HOST One of the ways to trigger the SSH connection is to use the vscode:// URI scheme. This extension uses the SSH binary of the host to setup the connection with the remote host. CVEĪn argument injection is present in the “Remote - SSH” extension, which is used and installed by the “Remote Development” one. Each extension in the Remote Development extension pack can run commands and other extensions directly inside a container, in WSL, or on a remote machine so that everything feels like it does when you run locally. No source code needs to be on your local machine to get these benefits. Debug an application running somewhere else such as a customer site or in the cloud.Access an existing development environment from multiple machines or locations.Develop your Linux-deployed applications using the Windows Subsystem for Linux. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |