Zero Day Archives
Attacking GIT


Last updated 2 months ago

GitDumper: Extracting Git Repository Contents

GitDumper is a simple tool that allows attackers to download the contents of Git repositories, including files that might not be intended to be exposed publicly. If a repository's .git directory is accessible via HTTP, GitDumper can pull it down and extract sensitive information from it.

Installation of GitDumper

To install GitDumper, you can use Python’s package manager, pip. Alternatively, you can download it from GitHub directly:

pip install git-dumper

Or download from the GitHub repository here:

Using GitDumper to Extract Git Repositories

Once GitDumper is installed, you can start dumping the contents of a target repository. The basic usage involves specifying the URL of the target Git repository and the directory where you want to save the files.

Command:

git-dumper http://192.168.221.207:8080/.git git

Explanation:

  • http://192.168.221.207:8080/.git is the URL of the Git repository's .git directory.

  • git is the local directory where the repository’s contents will be dumped.

Once the command is executed, GitDumper will start downloading the files from the repository’s .git directory and save them to your specified local directory (in this case, the git folder).
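Seen from the server side, a dump like the one described above shows up in the web server's access log as a run of successful requests under /.git/, and in particular under /.git/objects/. The following is an added example, not part of the original page or of GitDumper, that flags such clients in Combined Log Format lines. The log lines are constructed, and the function name, verdict labels and the min_objects threshold are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Combined Log Format prefix: ip ident user [time] "METHOD path PROTO" status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
# A path segment that is exactly ".git" (checked after percent-decoding).
GIT_RE = re.compile(r'/\.git(?:/|$)', re.IGNORECASE)

# Constructed sample lines (documentation IP ranges, made-up object names).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2025:10:00:01 +0000] "GET /.git/HEAD HTTP/1.1" 200 23 "-" "-"
203.0.113.7 - - [10/Mar/2025:10:00:01 +0000] "GET /.git/config HTTP/1.1" 200 92 "-" "-"
203.0.113.7 - - [10/Mar/2025:10:00:02 +0000] "GET /.git/objects/ab/cdef0123456789abcdef0123456789abcdef01 HTTP/1.1" 200 154 "-" "-"
203.0.113.7 - - [10/Mar/2025:10:00:02 +0000] "GET /.git/objects/12/3456789abcdef0123456789abcdef012345678 HTTP/1.1" 200 611 "-" "-"
198.51.100.20 - - [10/Mar/2025:10:05:09 +0000] "GET /%2Egit/HEAD HTTP/1.1" 403 153 "-" "-"
192.0.2.44 - - [10/Mar/2025:10:06:30 +0000] "GET /blog/using.git-hooks.html HTTP/1.1" 200 5120 "-" "-"
192.0.2.44 - - [10/Mar/2025:10:06:31 +0000] "GET /index.php?next=/.git/ HTTP/1.1" 200 830 "-" "-"
""".splitlines()


def find_git_requests(lines, min_objects=2):
    """Summarise per-client requests under .git and attach a verdict."""
    stats = defaultdict(lambda: {"hits": 0, "served": 0, "objects": 0})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        path = unquote(m["path"].split("?", 1)[0])  # ignore the query string
        if not GIT_RE.search(path):
            continue
        s = stats[m["ip"]]
        s["hits"] += 1
        if m["status"].startswith("2"):
            s["served"] += 1                     # repository data left the server
            s["objects"] += int("/objects/" in path)
    for s in stats.values():
        if s["objects"] >= min_objects:
            s["verdict"] = "dumping"             # object store is being pulled
        elif s["served"]:
            s["verdict"] = "exposed"             # .git metadata is readable
        else:
            s["verdict"] = "probe-blocked"       # requested, but nothing served
    return dict(stats)


if __name__ == "__main__":
    for ip, s in find_git_requests(SAMPLE_LOG).items():
        print(ip, s)
```

Any "exposed" or "dumping" verdict means the server is serving its .git directory and every secret ever committed to that repository should be treated as disclosed.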


Extractor.sh: Using GitTools for Further Extraction

For more advanced Git extraction, GitTools includes an extractor.sh script. This script walks the dumped repository, recovers each commit it can find, and writes out that commit's files so they can be reviewed for valuable information such as credentials, configuration files, or sensitive source code.

Using extractor.sh

  1. First, you need to ensure that the git folder where the repository contents are saved is available.

  2. Then, you can execute the extractor.sh script from the GitTools repository.

Command:

~/red/GitTools/Extractor/extractor.sh git retrieved

Explanation:

  • ~/red/GitTools/Extractor/extractor.sh is the path to the extractor.sh script.

  • git is the folder where the repository was dumped.

  • retrieved is the destination folder where the extracted files will be saved.

Once the script runs, it will check the repository for useful files and commits, and it will save them in the specified folder. For example, the output might show files like .gitignore, auth.php, and index.php that could contain valuable data.

Example Output:

[*] Destination folder does not exist
[*] Creating...
[+] Found commit: b0b7ac2f66cefc47f33f811fbfa7c5b4a8c89ffd
[+] Found file: /root/home/key/ret/0-b0b7ac2f66cefc47f33f811fbfa7c5b4a8c89ffd/.gitignore
[+] Found file: /root/home/key/ret/0-b0b7ac2f66cefc47f33f811fbfa7c5b4a8c89ffd/auth.php
[+] Found file: /root/home/key/ret/0-b0b7ac2f66cefc47f33f811fbfa7c5b4a8c89ffd/hmac.php
[+] Found file: /root/home/key/ret/0-b0b7ac2f66cefc47f33f811fbfa7c5b4a8c89ffd/index.php

This output indicates that various important files (like auth.php, hmac.php, and index.php) have been found and extracted.


Enumerating Git Repositories for Further Information

While GitDumper and GitTools can help dump and extract files from a repository, Git itself has several powerful commands that penetration testers can use to explore the contents of a repository and enumerate useful data.

1. git show

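This command shows the contents of a specific commit or other Git object. For a commit, that means its metadata (author, date, message) and the changes it introduced, which makes it useful for looking at specific changes or files added in a commit.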

Example Command:

git show c9c8e8bd0a4b373190c4258e16e07a6296d4e43c

Explanation: This will display the contents of the commit with the hash c9c8e8bd0a4b373190c4258e16e07a6296d4e43c.

2. git status

The git status command gives a summary of the current state of the repository. This can show modified files, untracked files, or files that are staged for commit.

Example Command:

git status

Explanation: This will display the current status of the repository, such as files that have been added, modified, or are not yet staged for commit.

3. git diff

This command shows the differences between commits or between a commit and the current state of the working directory. It can be very helpful when comparing changes made to files.

Example Command:

git diff 967fa71c359fffcbeb7e2b72b27a321612e3ad11 8b430c17c16e6c0515e49c4eafdd129f719fde74

Explanation: This will display the differences between the two commits with the given hashes.

4. git log

The git log command shows the commit history of the repository. This is useful for understanding the changes made over time and identifying any sensitive information in past commits.

Example Command:

git log

Explanation: This will show the commit history, including commit messages, author information, and commit hashes.


Why having this knowledge can pay dividends:

Git repositories can be a treasure trove of sensitive information, from source code to credentials and configuration files. As a penetration tester, it's essential to understand how to exploit improperly configured or exposed Git repositories.

By using GitDumper, GitTools, and common Git commands, you can efficiently enumerate, extract, and analyze Git repositories during a penetration test. These tools provide powerful techniques for extracting valuable information that might otherwise be overlooked in a typical engagement.

Always remember to perform thorough enumeration and extraction of repositories when testing web servers, especially those that might have exposed .git directories. Additionally, practice responsible disclosure if sensitive information is discovered in such repositories.

GitTools Repository