Insecure Code Management / Version Control History (with a real-world example)
To maintain and track changes in code, web applications usually use git repositories. During this process developers sometimes save sensitive information in the repository, such as database details or credentials, API keys and config files, and an attacker can take advantage of that saved information.
A git directory sitting at the root of the website can give away a lot of juicy information if it is publicly exposed, so the git directory should be removed from public access. An exposed “.git” directory can be restored on a local system and its commit history searched, which may expose a lot of sensitive information. There are a number of ways to find git repositories on a website; some are given below:
· Search engine: entering the string intext:"Index of /.git" in a search engine such as Bing or Google returns websites where a .git repository is publicly accessible.
· Directory brute-forcing tools: with Dirb or DirBuster we can enumerate multiple hidden directories, and .git can be found this way too. These tools are available on both Windows and Unix/Linux.
· We can also use https://github.com/guptabless/gitfinder; this Python script searches for a hidden git directory and dumps its contents.
URL: the URL where we want to look for the .git directory, given without http:// or https:// and without .git appended.
If a .git directory exists at that URL, the script shows the whole structure of the git directory.
Working/Exploitation: a developer accidentally wrote a sensitive admin password into the repository. After realizing it he removed the password from the file, but forgot that it remained in the commit history.
· Appending .git to the URL shows the whole structure of the .git directory.
· To look at the commit history we have to clone the repository from the website and then inspect its history locally.
Cloning git tool: we can clone it using GitTools with the command given below. GitTools consists of three small scripts in bash/python.
Syntax: git clone https://github.com/internetwache/GitTools.git
I. Dumper: we can store the .git source code locally. The Dumper script “gitdumper.sh” takes the website URL with the git directory appended and the folder where you want to save the contents, as shown in the screenshot below. I gave the folder the name “gitrepo” and stored the contents there.
· At first I still don’t see any contents inside the saved folder.
· Try the ls -la command, since the contents are hidden files.
· Now we can see all the folders that have been cloned successfully.
· We usually look in the logs folder of the git repository first. Inside the logs folder we find HEAD and refs.
The initial commit was made by admin and was rectified afterwards. Each commit has a unique git id with which you can see what was added or removed. To do so, copy the commit id and run this command in the terminal: git show <Commit ID>
Remediation
· Never store sensitive data in code or config files pushed to GitHub.
· Remove sensitive data from your files and from the GitHub history, since deleting it in a later commit leaves it recoverable from earlier commits.
· Validate your GitHub applications carefully.
· Remove the .git folder from your website, or deny web access to it.
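As an added example (not part of the original article) of the history check behind the second remediation item, and of what the git show walk above finds, the following Python script reads `git log -p --all` output and reports credential-looking lines together with the commit that introduced them. The secret patterns, the repository path and the embedded `git log` excerpt are constructed for illustration.

```python
import re
import subprocess

# Illustrative patterns (an assumption, not a vetted ruleset): a quoted password
# literal, a URL with embedded credentials, and a private key header.
SECRET_PATTERNS = {
    "password literal": re.compile(r"(?i)(password|passwd|pwd)\s*[:=]\s*['\"][^'\"]{4,}['\"]"),
    "credentials in URL": re.compile(r"(?i)[a-z][a-z0-9+.-]*://[^:/\s]+:[^@\s/]+@"),
    "private key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}
COMMIT_RE = re.compile(r"^commit ([0-9a-f]{7,40})")
FILE_RE = re.compile(r"^\+\+\+ b/(.+)")

def scan_patch_text(text):
    """Parse `git log -p` output; return [(commit, path, kind, added_line)]."""
    # Only '+' lines are checked, so a secret is attributed to the commit that
    # introduced it; a later commit that deletes it does not clear the finding.
    findings, commit, path = [], None, None
    for line in text.splitlines():
        if m := COMMIT_RE.match(line):
            commit, path = m.group(1), None
        elif m := FILE_RE.match(line):
            path = m.group(1)
        elif line.startswith("+") and not line.startswith("+++"):
            for kind, pat in SECRET_PATTERNS.items():
                if pat.search(line[1:]):
                    findings.append((commit, path, kind, line[1:].strip()))
                    break
    return findings

def scan_repository(repo="."):
    """Scan every commit reachable from any ref of the repository at `repo`."""
    log = subprocess.run(["git", "-C", repo, "log", "-p", "--all", "--no-color"],
                         capture_output=True, text=True, check=True).stdout
    return scan_patch_text(log)

# Constructed `git log -p` excerpt: a password is committed, then removed again.
SAMPLE_LOG = """\
commit a1b2c3d4e5f6a7b8c9d0a1b2c3d4e5f6a7b8c9d0
diff --git a/config.php b/config.php
+++ b/config.php
+$admin_password = "Sup3rSecret!";
+$db_url = "mysql://root:hunter2@localhost/app";
commit b2c3d4e5f6a7b8c9d0a1b2c3d4e5f6a7b8c9d0e1
diff --git a/config.php b/config.php
+++ b/config.php
-$admin_password = "Sup3rSecret!";
+$admin_password = getenv("ADMIN_PASSWORD");
"""
```

`scan_repository("/path/to/checkout")` runs the check on a real repository before it is pushed; `scan_patch_text(SAMPLE_LOG)` returns two findings, both attributed to the first commit even though the second commit removed the password.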