From 0 to 1 CTFer's growth path-information collection notes (1)

Pivotal information collection

Classification of information collection

1.1.2.1 Leakage of sensitive directories
Significance: Through the leakage of sensitive directories, we are often able to obtain the source code of the website and sensitive URL addresses, such as the backend address of the website.

  1. Git leak
    Git is a distributed version control system. Through the information in the .git folder, hackers can obtain all the source code submitted by the developer, which may lead to the server being attacked and destroyed.
    (1) Conventional git leak
    tool: scrabble
    usage:
 ./scrabble URL

(2) Git rollback
The flag (sensitive file) may have been deleted or overwritten during a later modification. In that case, roll back to the previous version:

git reset --hard HEAD^

We use the scrabble tool to get the source code, then jump to the previous version with this command (HEAD means the current version, HEAD^ means the previous version).

Besides "git reset", an easier way is to run "git log --stat" to see which files were modified in each commit, and then "git diff HEAD commit-id" to compare the current version with the commit you want to inspect.

(3) Git branch
Use tool: GitHacker

Execute the command: python GitHacker.py http://127.0.0.1/.git/
After it runs, we will see the generated folder. Enter it locally and execute "git log --all" or "git branch -v"; this shows only the information of the master branch. Execute "git reflog" and you can see some checkout records.

(4) Other uses of git leaks
Here, the access_token information that may be contained in the .git/config file can be used to access the user's other repositories.

  2. SVN leak
    Subversion (SVN) is source code version management software. The main cause of SVN source code leaks is irregular operation by the administrator, which exposes the hidden SVN folder to the external network. Use .svn/entries or wc.db to obtain information such as the server source code. Recommended tools: dvcs-ripper, Seay-svn.
  3. HG leak
    When initializing a project, HG creates a hidden .hg folder in the current folder, which includes information such as code and branch modification records. Recommended tool: dvcs-ripper
  4. Summary
    Recommended open source directory scanning tool: dirsearch
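
A pre-deployment check for the Git, SVN and HG leaks described above, as an added example that is not part of the original notes: it walks a local deploy directory, reports any .git, .svn or .hg metadata that would be served, and flags .git/config remotes whose URL embeds a token. The function names, the constructed web root and the placeholder token are assumptions made for this example.

```python
import os
import re
import tempfile

VCS_DIRS = {".git", ".svn", ".hg"}  # metadata directories named in the notes
SECTION = re.compile(r'^\s*\[\s*(.+?)\s*\]')
# url/pushurl = http(s)://userinfo@host, where userinfo is a token or user:password
CRED_URL = re.compile(r'^\s*(?:push)?url\s*=\s*https?://[^/@\s]+@', re.I)

def sections_with_credentials(config_path):
    """Return .git/config section names whose URL embeds userinfo."""
    hits, section = [], None
    try:
        with open(config_path, encoding="utf-8", errors="replace") as fh:
            for line in fh:
                m = SECTION.match(line)
                if m:
                    section = m.group(1)
                elif CRED_URL.match(line) and section not in hits:
                    hits.append(section)
    except OSError:
        pass  # metadata directory without a readable config file
    return hits

def audit_webroot(root):
    """Walk a deploy directory and list VCS metadata that would be served."""
    findings = []
    for dirpath, dirnames, _ in os.walk(root):
        for name in sorted(VCS_DIRS.intersection(dirnames)):
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            findings.append((rel, "vcs-metadata"))
            if name == ".git":
                for sec in sections_with_credentials(os.path.join(path, "config")):
                    findings.append((rel, "credential in " + sec))
            dirnames.remove(name)  # do not descend into the metadata itself
    return findings

def demo():
    """Audit a constructed web root; the token is a placeholder."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, ".git"))
        os.makedirs(os.path.join(root, "admin", ".svn"))
        with open(os.path.join(root, ".git", "config"), "w") as fh:
            fh.write('[core]\n\tbare = false\n[remote "origin"]\n'
                     '\turl = https://PLACEHOLDER_TOKEN@git.example.com/app.git\n')
        return audit_webroot(root)

if __name__ == "__main__":
    print(demo())
```

Run audit_webroot on the directory that is about to be published and fail the deployment if it returns anything; any token it flags should be rotated, since it may already have been exposed.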

Origin blog.csdn.net/xingyu860990/article/details/109254040