This Metasploit module takes advantage of custom hg-ssh wrapper implementations that don’t adequately validate parameters passed to the hg binary, allowing users to trigger a Python Debugger session, which allows arbitrary Python code execution.
This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.
This Metasploit module takes advantage of custom hg-ssh wrapper implementations that don’t adequately validate parameters passed to the hg binary, allowing users to trigger a Python Debugger session, which allows arbitrary Python code execution.