Buy me a tea

Exposed git folder

Note: This page is in the web pentest category but it could also be useful in a cloud pentest or other types of pentest.

It can happen during a pentest engagement that you will find a git folder.

Get the git folder in your local machine

From AWS

Say you found an aws bucket and it contains a git folder in rootfolder/.git. You will need to take the root folder locally this way you will be able to use git commands such as git diff

From a web server

wget -r http://target.com/.git

Explore the content

  • git status see tje status of changes

  • git diff will show the changes

  • cat .git/refs/heads/master will give you a reference to the latest commit.

  • git log -1 master will show commit message

  • git show -s --pretty=raw b64c8dcfa8a39af06521cf4cb7cdce5f0ca9e526 here b64c8dcfa8a39af06521cf4cb7cdce5f0ca9e526 is a reference to the commit you got from git log

  • git checkout -- . reset the local repo to the last commit (to retrieve deleted files for instance)

Resources

Tools

LogoGitHub - internetwache/GitTools: A repository with 3 tools for pwn'ing websites with .git repositories availableGitHub

GitTools by internetwache

LogoGitHub - gitleaks/gitleaks: Find secrets with Gitleaks 🔑GitHub

Gitleaks

Blogs

LogoExposed .git Directory ExploitationMedium

Exposed .git Directory Exploitation by Yani

LogoGit - HackTricksbook.hacktricks.xyz

Git - Hacktricks

PreviousXXENextDocker exploitation and Docker vulnerabilities

Last updated