Attacking GIT

GitDumper: Extracting Git Repository Contents

GitDumper is a simple tool that allows attackers to download the contents of Git repositories, including files that might not be intended to be exposed publicly. If a repository's .git directory is accessible via HTTP, GitDumper can pull it down and extract sensitive information from it.

Installation of GitDumper

To install GitDumper, use Python's package manager, pip:

pip install git-dumper

Or download from the GitHub repository here: GitTools Repository

Using GitDumper to Extract Git Repositories

Once GitDumper is installed, you can start dumping the contents of a target repository. The basic usage involves specifying the URL of the target Git repository and the directory where you want to save the files.

Command:

git-dumper http://192.168.221.207:8080/.git git

Explanation:

  • http://192.168.221.207:8080/.git is the URL of the Git repository's .git directory.

  • git is the local directory where the repository’s contents will be dumped.

Once the command is executed, GitDumper will start downloading the files from the repository’s .git directory and save them to your specified local directory (in this case, the git folder).


Extractor.sh: Using GitTools for Further Extraction

For more advanced Git extraction, GitTools includes an extractor.sh script. This script automatically extracts data from the dumped Git repository and attempts to find files that could contain valuable information such as credentials, configuration files, or sensitive source code.

Using extractor.sh

  1. First, make sure the git folder containing the dumped repository contents is available.

  2. Then, you can execute the extractor.sh script from the GitTools repository.

Command:

~/red/GitTools/Extractor/extractor.sh git retrieved

Explanation:

  • ~/red/GitTools/Extractor/extractor.sh is the path to the extractor.sh script.

  • git is the folder where the repository was dumped.

  • retrieved is the destination folder where the extracted files will be saved.

Once the script runs, it will check the repository for useful files and commits, and it will save them in the specified folder. For example, the output might show files like .gitignore, auth.php, and index.php that could contain valuable data.

Example Output:

[*] Destination folder does not exist
[*] Creating...
[+] Found commit: b0b7ac2f66cefc47f33f811fbfa7c5b4a8c89ffd
[+] Found file: /root/home/key/ret/0-b0b7ac2f66cefc47f33f811fbfa7c5b4a8c89ffd/.gitignore
[+] Found file: /root/home/key/ret/0-b0b7ac2f66cefc47f33f811fbfa7c5b4a8c89ffd/auth.php
[+] Found file: /root/home/key/ret/0-b0b7ac2f66cefc47f33f811fbfa7c5b4a8c89ffd/hmac.php
[+] Found file: /root/home/key/ret/0-b0b7ac2f66cefc47f33f811fbfa7c5b4a8c89ffd/index.php

This output indicates that various important files (like auth.php, hmac.php, and index.php) have been found and extracted.


Enumerating Git Repositories for Further Information

While GitDumper and GitTools can help dump and extract files from a repository, Git itself has several powerful commands that penetration testers can use to explore the contents of a repository and enumerate useful data.

1. git show

This command shows the contents of a specific commit or other Git object. This is useful for looking at specific changes or files added in a commit.

Example Command:

git show c9c8e8bd0a4b373190c4258e16e07a6296d4e43c

Explanation: This will display the contents of the commit with the hash c9c8e8bd0a4b373190c4258e16e07a6296d4e43c.

2. git status

The git status command gives a summary of the current state of the repository. This can show modified files, untracked files, or files that are staged for commit.

Example Command:

git status

Explanation: This will display the current status of the repository, such as files that have been added, modified, or are not yet staged for commit.

3. git diff

This command shows the differences between commits or between a commit and the current state of the working directory. It can be very helpful when comparing changes made to files.

Example Command:

git diff 967fa71c359fffcbeb7e2b72b27a321612e3ad11 8b430c17c16e6c0515e49c4eafdd129f719fde74

Explanation: This will display the differences between the two commits with the given hashes.

4. git log

The git log command shows the commit history of the repository. This is useful for understanding the changes made over time and identifying any sensitive information in past commits.

Example Command:

git log

Explanation: This will show the commit history, including commit messages, author information, and commit hashes.
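
Why past commits matter, as an added example (not part of the original page or of GitTools): every committed file version is kept as a zlib-compressed object under .git/objects, so a credential removed in a later commit is still stored. The sketch below builds a constructed object store and audits it; the secret pattern, sample values and function names are assumptions made for illustration.

```python
import hashlib, os, re, tempfile, zlib

# Illustrative pattern only (assumption); real audits use a fuller ruleset.
SECRET_RE = re.compile(rb"(?i)(password|secret|api[_-]?key)\s*[=:]\s*\S+")

def write_loose_object(git_dir, obj_type, body):
    """Store body as Git does: zlib("<type> <size>\\0<body>") at objects/<sha[:2]>/<sha[2:]>."""
    raw = f"{obj_type} {len(body)}".encode() + b"\0" + body
    sha = hashlib.sha1(raw).hexdigest()
    path = os.path.join(git_dir, "objects", sha[:2], sha[2:])
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(zlib.compress(raw))
    return sha

def iter_loose_objects(git_dir):
    """Yield (sha, type, body) for every loose object under git_dir/objects."""
    objects = os.path.join(git_dir, "objects")
    for prefix in sorted(os.listdir(objects)):
        if len(prefix) != 2:  # skip pack/ and info/, which are not loose objects
            continue
        for name in sorted(os.listdir(os.path.join(objects, prefix))):
            with open(os.path.join(objects, prefix, name), "rb") as fh:
                raw = zlib.decompress(fh.read())
            header, _, body = raw.partition(b"\0")
            yield prefix + name, header.split(b" ")[0].decode(), body

def find_secrets(git_dir):
    """Return [(blob_sha, matched_text)] for stored file versions matching SECRET_RE."""
    hits = []
    for sha, obj_type, body in iter_loose_objects(git_dir):
        if obj_type == "blob":
            hits += [(sha, m.group(0).decode(errors="replace"))
                     for m in SECRET_RE.finditer(body)]
    return hits

def build_sample_repo():
    """Constructed sample: an old config version with a credential, plus its cleaned-up successor."""
    git_dir = os.path.join(tempfile.mkdtemp(), ".git")
    old = write_loose_object(git_dir, "blob", b"db_password = hunter2-constructed\n")
    write_loose_object(git_dir, "blob", b"# credentials now come from the environment\n")
    return git_dir, old

if __name__ == "__main__":
    repo, _ = build_sample_repo()
    for sha, text in find_secrets(repo):
        print(f"blob {sha}: {text}")
```

This sketch reads loose objects only; objects that Git has moved into packfiles under objects/pack are not parsed here. A credential that shows up this way has to be rotated, because removing it in a new commit leaves the old object in place.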


Why having this knowledge can pay dividends:

Git repositories can be a treasure trove of sensitive information, from source code to credentials and configuration files. As a penetration tester, it's essential to understand how to exploit improperly configured or exposed Git repositories.

By using GitDumper, GitTools, and common Git commands, you can efficiently enumerate, extract, and analyze Git repositories during a penetration test. These tools provide powerful techniques for extracting valuable information that might otherwise be overlooked in a typical engagement.

Always remember to perform thorough enumeration and extraction of repositories when testing web servers, especially those that might have exposed .git directories. Additionally, practice responsible disclosure if sensitive information is discovered in such repositories.
