Exposed git folder

Note: This page is in the web pentest category but it could also be useful in a cloud pentest or other types of pentest.

It can happen during a pentest engagement that you will find a git folder.

Get the git folder in your local machine

From AWS

Say you found an aws bucket and it contains a git folder in rootfolder/.git. You will need to take the root folder locally this way you will be able to use git commands such as git diff

From a web server

wget -r http://target.com/.git

Explore the content

• git status see tje status of changes

• git diff will show the changes

• cat .git/refs/heads/master will give you a reference to the latest commit.

• git log -1 master will show commit message

• git show -s --pretty=raw b64c8dcfa8a39af06521cf4cb7cdce5f0ca9e526 here b64c8dcfa8a39af06521cf4cb7cdce5f0ca9e526 is a reference to the commit you got from git log

• git checkout -- . reset the local repo to the last commit (to retrieve deleted files for instance)

Resources

Tools

GitHub - internetwache/GitTools: A repository with 3 tools for pwn'ing websites with .git repositories availableGitHub

GitTools by internetwache

GitHub - gitleaks/gitleaks: Protect and discover secrets using Gitleaks 🔑GitHub

Gitleaks

Blogs

Exposed .git Directory ExploitationMedium

Exposed .git Directory Exploitation by Yani

GitHackTricks

Git - Hacktricks