root💀bl4ck4non-sec:~#

Hack. Eat. Sleep. Repeat!!!

View on GitHub

Git Information Leak

image

Our task is to leak the .git repository in the root of the website

Navigate to the webpage,

image

Lets fuzz for directories using ffuf

command:ffuf -u "http://ptl-3a97c3b0-95f590be.libcurl.so/FUZZ" -w /usr/share/wordlists/dirb/common.txt -e .zip,.sql,.php,.phtml,.bak,.backup

image

Well, we can see the .git repo

To dump this repository, we’ll be using a tool called git-dumper

To install

python -m venv venv
source venv/bin/activate
pip3 install git-dumper

image image

So, we can specify the url and also the directory we want the result to be outputted to

command:git-dumper http://pilgrimage.htb/.git output

So, output will be the folder I want the output of the command to be saved to

image

Now, that we’ve dumped the repository, lets look for the key

image

Submitting the key,

image

We have successfully completed this exercise

Git Information Leak II

image

Our task is to leak the content of the .git repository in the root of the website.

Navigate to the webpage

image

Lets fuzz for directories using ffuf

command:ffuf -u "http://ptl-9c309c5f-f6c1d169.libcurl.so/FUZZ" -w /usr/share/wordlists/dirb/common.txt -e .zip,.sql,.php,.phtml,.bak,.backup

image

We can see the .git repository, lets dump this repo using the tool git-dumper

command:git-dumper http://ptl-9c309c5f-f6c1d169.libcurl.so/ vawulence

image

Now that we have successfully dumped this, lets look for the key

image

Submitting the key

image

We have successfully completed this exercise.

That will be all for today

Back To Home