Pivotal information collection
Classification of information collection
1.1.2.1 Leakage of sensitive directories
Significance: Through the leakage of sensitive directories, we are often able to obtain the source code of the website and sensitive URL addresses, such as the backend address of the website.
- Git leak
Git is a distributed version control system. Through the information in an exposed .git folder, an attacker can obtain all the source code the developers have committed, which may lead to the server being attacked and destroyed.
(1) Conventional git leak
Tool: scrabble
Usage:
./scrabble URL
(2) Git rollback
The flag (sensitive file) may have been deleted or overwritten in a later modification. After using the scrabble tool to get the source code, jump back to the previous version with this command (HEAD means the current version, HEAD^ means the previous version):
git reset --hard HEAD^
Besides git reset, there is also the easier
git log --stat
to see which files were modified in each commit, and then
git diff HEAD commit-id
to compare the current version with the commit you want to inspect.
(3) Git branch
Tool: GitHacker
Execute the command:
python GitHacker.py http://127.0.0.1/.git/
After it runs, we will see the generated folder. After entering it locally, "git log --all" or "git branch -v" only shows information about the master branch. Running
git reflog
shows some checkout records.
(4) Other uses of git leaks
Here, the access_token information that may be contained in .git/config can be used to access the user's other repositories.
- SVN leak
Subversion (SVN) is source code version management software. The main cause of SVN source code leaks is irregular operation by the administrator, which leaves the hidden SVN folder exposed to the external network. .svn/entries or wc.db can then be used to obtain information such as the server source code. Recommended tools: dvcs-ripper, Seay-svn.
- HG leak
When initializing a project, HG creates a hidden .hg folder in the current folder, which includes information such as code and branch modification records. Recommended tool: dvcs-ripper
- Summary
Recommended open source directory scanning tool: dirsearch
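
All of the leaks above come from version-control metadata being deployed together with the site. The following Python check is an added example, not part of the original notes or of any tool named in them: it walks a deployment directory you own, reports .git, .svn and .hg folders, and flags remote URLs in .git/config that embed credentials. The function names, the sample tree and the token are constructed for illustration.

```python
import configparser
import os
import tempfile
from urllib.parse import urlsplit

VCS_DIRS = {".git", ".svn", ".hg"}  # metadata folders named in the notes above

def remotes_with_credentials(config_path):
    """Return (section, host) for remote URLs embedding user:token@; never the secret."""
    parser = configparser.ConfigParser(strict=False, interpolation=None,
                                       allow_no_value=True, delimiters=("=",))
    with open(config_path, encoding="utf-8", errors="replace") as fh:
        # git indents keys with tabs; strip them so they are not read as continuations
        parser.read_string("".join(line.lstrip() for line in fh))
    hits = []
    for section in parser.sections():
        parts = urlsplit(parser.get(section, "url", fallback="") or "")
        if parts.username or parts.password:
            hits.append((section, parts.hostname))
    return hits

def audit_webroot(root):
    """Walk a deploy directory; list VCS metadata and credential-bearing remotes."""
    findings = []
    for dirpath, dirnames, _ in os.walk(root):
        for name in sorted(VCS_DIRS.intersection(dirnames)):
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            findings.append(("vcs-metadata", rel))
            cfg = os.path.join(dirpath, name, "config")
            if name == ".git" and os.path.isfile(cfg):
                for section, host in remotes_with_credentials(cfg):
                    findings.append(("credential-in-remote", f"{rel} [{section}] host={host}"))
            dirnames.remove(name)  # do not descend into the metadata itself
    return findings

def build_sample(root):
    """Constructed sample: a site shipped with .git, and a legacy app with .svn."""
    os.makedirs(os.path.join(root, "site", ".git"))
    os.makedirs(os.path.join(root, "site", "static"))
    os.makedirs(os.path.join(root, "legacy", ".svn"))
    with open(os.path.join(root, "site", ".git", "config"), "w") as fh:
        fh.write('[core]\n\tbare = false\n[remote "origin"]\n'
                 '\turl = https://deploy:EXAMPLE-TOKEN@git.example.invalid/app.git\n'
                 '\tfetch = +refs/heads/*:refs/remotes/origin/*\n')

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for kind, detail in audit_webroot(tmp):
            print(kind, detail)
```

Any finding means the metadata should be removed from the deployed tree or blocked at the web server, and a token found in a remote URL should be revoked and reissued.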