Information disclosure in version control history

-

 In this lab titled “Information Disclosure in Version Control History”, the objective was to identify and exploit sensitive data exposure caused by improper handling of version control artifacts, specifically an exposed .git directory on a web server. The engagement began with a reconnaissance phase, where I performed directory brute-forcing using dirsearch to enumerate hidden paths and commonly exposed files. During this enumeration, I discovered that the target was serving the .git directory over HTTP, which immediately indicated a high-risk misconfiguration. Exposed Git metadata often allows reconstruction of the entire source code repository, including commit history, branches, and previously deleted sensitive information.

Following the discovery, the next phase focused on extracting the repository contents from the exposed .git directory. Instead of manually reconstructing the repository structure, I used an automated Git dumping utility sourced from GitHub designed specifically for recovering exposed repositories. After cloning and setting up the tool locally, I encountered several environment-related issues that required manual remediation. These included repairing the Python virtual environment, resolving missing or incompatible dependencies in requirements.txt, adjusting filesystem permissions to allow execution, and correcting the Python shebang to ensure compatibility with python3. Once these issues were resolved, the tool successfully retrieved the .git directory and reconstructed the repository locally for offline analysis.

After extraction, I attempted to interact with the repository using standard Git tooling. However, Git initially blocked execution due to its built-in safety mechanism for untrusted repositories. This was resolved by explicitly marking the directory as safe using the following configuration:

git config --global --add safe.directory /leakedgit-lab1



This allowed Git operations to function normally within the extracted repository context. At this stage, I had full access to the repository metadata, including commit history, branches, and diff information.

With the repository fully operational, I proceeded to perform historical analysis of the codebase using Git’s logging and diff inspection capabilities. The command git log -p was particularly useful, as it not only enumerates commit history but also displays the full patch-level changes introduced in each commit. This allowed me to perform a granular review of how the code evolved over time, including additions and removals of sensitive values. During this analysis, I identified that an administrative password had been introduced in an earlier commit and subsequently removed in later revisions. However, because Git retains immutable historical snapshots of all commits, the credential remained fully recoverable from the repository history.

Ultimately, I extracted the exposed credentials directly from the historical diff output and used them to successfully complete the lab by authenticating as the administrative user and solving the lab by removing the user carlos as instructed.

Comments

Post a Comment

Popular posts from this blog

Linux AAA

-
Image
Linux AAA Authentication What it means: Authentication verifies who the user is . How it works in Linux: When you log in, Linux checks your credentials (usually username + password) against /etc/passwd and /etc/shadow . /etc/passwd stores user information (username, UID, GID, shell, home directory). /etc/shadow stores hashed passwords and password expiration info, readable only by root. Common authentication methods: Local authentication: Using /etc/passwd and /etc/shadow . Remote authentication: Using services like: LDAP (Lightweight Directory Access Protocol) – centralized user management. Kerberos – provides secure, ticket-based authentication. RADIUS – used in network access (VPNs, Wi-Fi, etc.). PAM (Pluggable Authentication Modules) – modular framework used by Linux for integrating different authentication methods. Example PAM file location: /etc/pam.d/ Each service (like SSH, sudo, login) has its own PAM configuration file.
Read more

Peppermint Ticketing Software for help desk technicians.

-
Image
Peppermint Ticketing Peppermint is a modern, open-source help desk and issue tracking system built for IT teams, MSPs, and internal support departments that want a self-hosted, lightweight, and privacy-controlled solution. Peppermint prioritizes: Simplicity and speed Developer freedom Data sovereignty Low infrastructure footprint It’s designed for small to medium-sized teams who want something modern, minimalistic, and powerful — without being locked into enterprise subscriptions or bulky frameworks. Architecture Overview Peppermint’s backend is written primarily in TypeScript (Node.js) , with a PostgreSQL database and a React-based frontend . This makes it modular, fast, and compatible with modern deployment standards such as Docker , Kubernetes , and cloud instances (AWS, Linode, DigitalOcean, etc.). Architecture Components Component Technology / Purpose Backend  => Node.js (Express / Nest-like structure) Database  => PostgreSQL (relational, handles ti...
Read more

What is Osint?

-
 Open-Source Intelligence (OSINT) refers to the process of collecting, analyzing, and utilizing publicly available data from a wide variety of sources to gather intelligence. These sources can range from publicly accessible information on the internet to data from newspapers, government reports, databases, and even geospatial information. The key distinction of OSINT is that it does not involve covert or illegal methods of gathering information but rather focuses on using data that is readily available to the public, sometimes even through commercial or open platforms. Examples of OSINT data can be gathered from a wide array of open and accessible sources. Some key examples include: Social Media: Publicly available posts, images, videos, and profiles from platforms like Facebook, Twitter, LinkedIn, Instagram, and TikTok. These platforms can reveal personal details about individuals, locations, affiliations, and even plans for upcoming events. News Websites and Online Articles: Ne...
Read more