n8n Git Node Remote Code Execution via Malicious pre-commit Hook

This repository is a proof-of-concept exploit for CVE-2025-62726, targeting the n8n workflow automation platform (versions < 1.113.0). The exploit leverages a vulnerability in the n8n Git Node, which fails to sanitize or isolate git hooks when cloning repositories. The main workflow, defined in 'Deploy Application to Production - Backup.json', automates the process of cloning a repository, injecting a malicious pre-commit hook, and performing git operations that trigger the hook. The malicious hook opens a reverse shell to the attacker's machine (host.docker.internal:4444) using Node.js. The repository also includes a docker-compose.yml file to set up a vulnerable n8n instance for testing. The exploit demonstrates remote code execution via git hooks and is intended for educational purposes.

This repository contains a single file: a shell script intended as a git pre-commit hook. The script sets up a Node.js-based reverse shell that, when executed, connects to a specified attacker's IP address and port (defaulting to host.docker.internal:4444). Upon connection, it spawns a /bin/sh shell and redirects its input and output over the network socket, effectively granting the attacker remote shell access to the victim machine. The exploit is operational and requires the victim to execute the pre-commit hook, making it a local attack vector. The script is concise and leverages both shell scripting and Node.js for its payload. No specific CVEs or products are targeted; the exploit is generic and relies on social engineering or misconfiguration to be executed.

This repository is a comprehensive proof-of-concept (POC) for CVE-2025-62726, a critical remote code execution (RCE) vulnerability in n8n (versions < 1.113.0) when using the Git Node. The exploit leverages the fact that n8n's Git Node clones external repositories, including their .git/hooks directory, and executes git commit operations. If a malicious pre-commit hook is present, it is executed with the privileges of the n8n process, allowing arbitrary code execution. The repository is structured for educational and demonstration purposes, containing detailed guides, attack flow diagrams, mitigation instructions, and a realistic n8n workflow (n8n-workflow.json) that simulates a CI/CD deployment pipeline. The core exploit resides in the malicious-repo/.git/hooks/pre-commit file, which contains a reverse shell payload (or, in some variants, a credential harvester or remote payload fetcher). When the workflow is executed, the malicious hook is triggered, providing the attacker with a shell on the n8n container or exfiltrating sensitive data. Key files include: - malicious-repo/.git/hooks/pre-commit: The main payload (reverse shell or data exfiltration) - n8n-workflow.json: Workflow that clones the malicious repo and triggers the exploit - payloads/payload.sh: Standalone reverse shell payload - run-demo.sh, verify-setup.sh: Scripts to automate and verify the demo environment - docker-compose.yml: Spins up a vulnerable n8n instance for testing The exploit demonstrates a realistic supply chain attack scenario, where a seemingly legitimate repository is weaponized with a hidden git hook. The documentation provides step-by-step instructions for setup, exploitation, and mitigation, making it suitable for security training and awareness. The attack vector is network-based, requiring only low privileges (workflow creation) on the target n8n instance. The exploit is operational, with a working payload and clear demonstration of impact (RCE, credential theft, persistence).