SlideShare a Scribd company logo

Ripping web accessible .git files

V
Vlatko Kosturjak

This document discusses how to extract source code from websites that have exposed their .git directories without authorization. It describes finding repositories through tools like Nmap scripts and DVCS-Pillage, but notes limitations in completeness. A new tool called DVCS-rip is presented that can fully clone exposed git repositories over various protocols, including branches, with the goal of getting the full source code when it is not otherwise open source. The talk encourages feedback and contributions to improve upon existing tools.

1 of 13
Downloaded 20 times
1
2
3
4
5
6
7
8
9
10
11
12
13
#OpenFest Ripping web accessible .git files (or how to get the source when its not open source) Vlatko Kosturjak, Diverto https://twitter.com/k0st
Agenda ● Introduction ● Finding repos ● Cloning them ● How to get the source when its not open source ● How to Profit 5 minutes
You found .git?
Want source? ● Get the repo: mkdir git-test cd git-test wget --mirror --include-directories=/.git http://www.target.com/.git ● Get files cd www.target.com git reset --hard ● Profit! http://www.skullsecurity.org/blog/2012/using-git-clone-to-get-pwn3d
Problem Directory browsing disabled
No tool available to detect ● Most of the web/network scanners will not find this ● No awareness ● Tools looks only this ● .git/ => 403 ● They should actually look ● .git/logs/HEAD => 200 ● .git/config => 200 ● .git/index => 200 ● ...
Nmap NSE comes to rescue ● Have to use latest SVN version ● Script is not in 6.01 ● It looks all relevant git files ● .git/logs/HEAD ● .git/config ● ... ● nmap -sS -PS80,81,443,8080,8081 -p80,81,443,8080,8081 --script=http-git <target> PORT STATE SERVICE 80/tcp open http | http-git: | Potential Git repository found at XX.XX.XX.XX:XX/.git/ (found 5 of 6 expected files)
DVCS-Pillage ● It will rip the .git files when directory browsing disabled ● By Adam Baldwin ● Accessible from URL: ● https://github.com/evilpacket/DVCS-Pillage ● Have few problems ● Hmm...
Problems... ● Current methods ● Not complete tree download method – Packed refs – git ls-files –stage method ● No support for branches ● No support for other than http ● Time to code my own tool ● Want whole tree ● Branches ● Support old protocols
DVCS-rip ● It will rip the .git files when directory browsing disabled ● It will rip ALL files and checkout repository for you ● Not partial ● git fsck trick ● Support for ● Branches ● Any protocol (http/https/...) ● Accessible from URL: ● https://github.com/kost/dvcs-ripper
DVCS-rip ● How to run? ● Example run: ● rip-git.pl -v -u http://www.example.com/.git/ ● It will automatically do "git checkout -f" ● Profit!
Evolving Good example of open source collaboration between projects
Questions? Comments? Feedbacks? @k0st This is zero Acknowledgements: Adam Baldwin, Ron Bowes, Alex Weber, ...

More Related Content

ODP
Wonderful world of (distributed) SCM or VCS
Vlatko Kosturjak
 
PDF
Porting your favourite cmdline tool to Android
Vlatko Kosturjak
 
PDF
RootedCON 2017 - Docker might not be your friend. Trojanizing Docker images
Daniel Garcia (a.k.a cr0hn)
 
PDF
COSCUP 2016 - ROS + Gazebo機器人模擬器工作坊
Po-Jen Lai
 
ODP
about Debian "squeeze" @201002 OSC Tokyospring
Hideki Yamane
 
PDF
Local Community for Debian (2013 Taiwan miniDebConf)
Hideki Yamane
 
PDF
Golang workshop
Victor S. Recio
 
PDF
Package manages and Puppet - PuppetConf 2015
ice799
 
Wonderful world of (distributed) SCM or VCS
Vlatko Kosturjak
 
Porting your favourite cmdline tool to Android
Vlatko Kosturjak
 
RootedCON 2017 - Docker might not be your friend. Trojanizing Docker images
Daniel Garcia (a.k.a cr0hn)
 
COSCUP 2016 - ROS + Gazebo機器人模擬器工作坊
Po-Jen Lai
 
about Debian "squeeze" @201002 OSC Tokyospring
Hideki Yamane
 
Local Community for Debian (2013 Taiwan miniDebConf)
Hideki Yamane
 
Golang workshop
Victor S. Recio
 
Package manages and Puppet - PuppetConf 2015
ice799
 

What's hot (20)

PDF
Desarrollo web backend: Spring Boot, MongoDB y Azure
Patxi Gortázar
 
PDF
Puppet Camp LA 2/19/2015
ice799
 
PDF
Does Cowgirl Dream of Red Swirl?
Hideki Yamane
 
PDF
Chef Conf 2015: Package Management & Chef
ice799
 
PDF
A Look at Command Line Swift
JoshuaKaplan22
 
PDF
CloudOpen North America 2013: Vagrant & CFEngine
Nick Anderson
 
PDF
find & improve some bottleneck in Debian project (DebConf14 LT)
Hideki Yamane
 
PDF
SouthEast LinuxFest 2015 - intro to git
edgester
 
PDF
Chromium OS Introduction
Wei-Ning Huang
 
PDF
8-9-10=Jessie,Stretch,Buster
Hideki Yamane
 
PDF
Open source applications softwares
Tushar B Kute
 
PDF
Drupal Development : Tools, Tips, and Tricks
Gerald Villorente
 
PDF
OpenStack Swift on virtualbox
Atul Jha
 
PDF
Docker on Windows
Carl Su
 
PDF
Docker & PHP - Practical use case
rjsmelo
 
PDF
Null Xposed Framework internals and writing modules
Abhinav Chourasia, GMOB
 
PDF
Cape Cod Web Technology Meetup - 3
Asher Martin
 
PDF
WAF protections and bypass resources
Antonio Costa aka Cooler_
 
PDF
Openwrt startup
晓东 杜
 
PPTX
Docker italia fatti un container tutto tuo
Giulio De Donato
 
Desarrollo web backend: Spring Boot, MongoDB y Azure
Patxi Gortázar
 
Puppet Camp LA 2/19/2015
ice799
 
Does Cowgirl Dream of Red Swirl?
Hideki Yamane
 
Chef Conf 2015: Package Management & Chef
ice799
 
A Look at Command Line Swift
JoshuaKaplan22
 
CloudOpen North America 2013: Vagrant & CFEngine
Nick Anderson
 
find & improve some bottleneck in Debian project (DebConf14 LT)
Hideki Yamane
 
SouthEast LinuxFest 2015 - intro to git
edgester
 
Chromium OS Introduction
Wei-Ning Huang
 
8-9-10=Jessie,Stretch,Buster
Hideki Yamane
 
Open source applications softwares
Tushar B Kute
 
Drupal Development : Tools, Tips, and Tricks
Gerald Villorente
 
OpenStack Swift on virtualbox
Atul Jha
 
Docker on Windows
Carl Su
 
Docker & PHP - Practical use case
rjsmelo
 
Null Xposed Framework internals and writing modules
Abhinav Chourasia, GMOB
 
Cape Cod Web Technology Meetup - 3
Asher Martin
 
WAF protections and bypass resources
Antonio Costa aka Cooler_
 
Openwrt startup
晓东 杜
 
Docker italia fatti un container tutto tuo
Giulio De Donato
 
Ad

Viewers also liked (7)

PPT
Creative accounting (1)
Urvi Patel
 
PDF
Creative accounting tutor master
Sako Mwakalobo
 
PPT
Creative accounting
Home Study
 
PPT
Financial Accounting
ashu1983
 
PDF
2015 Upload Campaigns Calendar - SlideShare
SlideShare
 
PPTX
What to Upload to SlideShare
SlideShare
 
PDF
Getting Started With SlideShare
SlideShare
 
Creative accounting (1)
Urvi Patel
 
Creative accounting tutor master
Sako Mwakalobo
 
Creative accounting
Home Study
 
Financial Accounting
ashu1983
 
2015 Upload Campaigns Calendar - SlideShare
SlideShare
 
What to Upload to SlideShare
SlideShare
 
Getting Started With SlideShare
SlideShare
 
Ad

Similar to Ripping web accessible .git files (20)

PDF
Git Money
Tim N
 
PDF
LasCon 2014 DevOoops
Chris Gates
 
PPTX
January 2022: Central Iowa Linux Users Group: Git
Andrew Denner
 
PPT
Introduction to git
Nguyen Van Hung
 
PDF
What the git? - SAP Inside Track Munich 2016
Hendrik Neumann
 
PDF
Git Tutorial
Moshe Kaplan
 
PPTX
Devoops: DoJ Annual Cybersecurity Training Symposium Edition 2015
Chris Gates
 
PPTX
Git'in on Windows
Stacy Vicknair
 
PPTX
Git'in in 15
Stacy Vicknair
 
PPT
Introduction to Git
atishgoswami
 
PDF
Intro to Git
ojtibi
 
PDF
Using GIT
WO Community
 
PDF
Learning git
Sid Anand
 
PPTX
Mini-training: Let’s Git It!
Betclic Everest Group Tech Team
 
PPTX
Git.From thorns to the stars
Strannik_2013
 
PDF
Loading...git
Rafael García
 
PPT
git fast & minimal
paruthidotexe
 
PPTX
Version controll.pptx
Md. Main Uddin Rony
 
ODP
Git slides
55020
 
PDF
Whether you should migrate to git
Amit Anand
 
Git Money
Tim N
 
LasCon 2014 DevOoops
Chris Gates
 
January 2022: Central Iowa Linux Users Group: Git
Andrew Denner
 
Introduction to git
Nguyen Van Hung
 
What the git? - SAP Inside Track Munich 2016
Hendrik Neumann
 
Git Tutorial
Moshe Kaplan
 
Devoops: DoJ Annual Cybersecurity Training Symposium Edition 2015
Chris Gates
 
Git'in on Windows
Stacy Vicknair
 
Git'in in 15
Stacy Vicknair
 
Introduction to Git
atishgoswami
 
Intro to Git
ojtibi
 
Using GIT
WO Community
 
Learning git
Sid Anand
 
Mini-training: Let’s Git It!
Betclic Everest Group Tech Team
 
Git.From thorns to the stars
Strannik_2013
 
Loading...git
Rafael García
 
git fast & minimal
paruthidotexe
 
Version controll.pptx
Md. Main Uddin Rony
 
Git slides
55020
 
Whether you should migrate to git
Amit Anand
 

Ripping web accessible .git files

  • 1. #OpenFest Ripping web accessible .git files (or how to get the source when its not open source) Vlatko Kosturjak, Diverto https://twitter.com/k0st
  • 2. Agenda ● Introduction ● Finding repos ● Cloning them ● How to get the source when its not open source ● How to Profit 5 minutes
  • 4. Want source? ● Get the repo: mkdir git-test cd git-test wget --mirror --include-directories=/.git http://www.target.com/.git ● Get files cd www.target.com git reset --hard ● Profit! http://www.skullsecurity.org/blog/2012/using-git-clone-to-get-pwn3d
  • 6. No tool available to detect ● Most of the web/network scanners will not find this ● No awareness ● Tools looks only this ● .git/ => 403 ● They should actually look ● .git/logs/HEAD => 200 ● .git/config => 200 ● .git/index => 200 ● ...
  • 7. Nmap NSE comes to rescue ● Have to use latest SVN version ● Script is not in 6.01 ● It looks all relevant git files ● .git/logs/HEAD ● .git/config ● ... ● nmap -sS -PS80,81,443,8080,8081 -p80,81,443,8080,8081 --script=http-git <target> PORT STATE SERVICE 80/tcp open http | http-git: | Potential Git repository found at XX.XX.XX.XX:XX/.git/ (found 5 of 6 expected files)
  • 8. DVCS-Pillage ● It will rip the .git files when directory browsing disabled ● By Adam Baldwin ● Accessible from URL: ● https://github.com/evilpacket/DVCS-Pillage ● Have few problems ● Hmm...
  • 9. Problems... ● Current methods ● Not complete tree download method – Packed refs – git ls-files –stage method ● No support for branches ● No support for other than http ● Time to code my own tool ● Want whole tree ● Branches ● Support old protocols
  • 10. DVCS-rip ● It will rip the .git files when directory browsing disabled ● It will rip ALL files and checkout repository for you ● Not partial ● git fsck trick ● Support for ● Branches ● Any protocol (http/https/...) ● Accessible from URL: ● https://github.com/kost/dvcs-ripper
  • 11. DVCS-rip ● How to run? ● Example run: ● rip-git.pl -v -u http://www.example.com/.git/ ● It will automatically do "git checkout -f" ● Profit!
  • 12. Evolving Good example of open source collaboration between projects
  • 13. Questions? Comments? Feedbacks? @k0st This is zero Acknowledgements: Adam Baldwin, Ron Bowes, Alex Weber, ...