Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Publicly Exposed .git Files - 140

Internet Wache - Posted 6 Years Ago
  • The .git directory holds all of the version control information for a Git repo. Because the directory name starts with a period (.), it is hidden and commonly missed (for example, the ls -l command will not list it). Its contents can be used to completely recreate the source code of the application!
  • Some web servers, such as Apache, will show all of the contents of that directory to the rest of the world!
  • Putting these together, downloading the .git directory from a site can allow for a complete reconstruction of the source code.
  • When I tried searching for the .git file in Google, a significant number of repos were vulnerable to this attack.
  • It should be noted that the article has all of the commands to perform this attack. However, the git reset step takes a fair amount of time to do.
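A pre-deployment check for the exposure summarized above, as an added example that is not from the linked article: it walks a local web root and reports every .git directory that would end up being served, with how much history it holds. The function names, the htdocs layout and the sample repository contents are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

def find_exposed_git(docroot):
    """Return one finding per .git directory located under docroot."""
    findings = []
    for current, dirs, _files in os.walk(docroot):
        if ".git" not in dirs:
            continue
        git_dir = Path(current) / ".git"
        dirs.remove(".git")  # report it, but do not descend into it
        head = git_dir / "HEAD"
        objects = git_dir / "objects"
        loose = packs = 0
        if objects.is_dir():
            for entry in objects.iterdir():
                # Loose objects live in two-hex-character fan-out directories.
                if entry.is_dir() and len(entry.name) == 2:
                    loose += sum(1 for f in entry.iterdir() if f.is_file())
            pack_dir = objects / "pack"
            if pack_dir.is_dir():
                packs = len(list(pack_dir.glob("*.pack")))
        findings.append({
            "url_path": "/" + git_dir.relative_to(docroot).as_posix(),
            "head": head.read_text().strip() if head.is_file() else None,
            "loose_objects": loose,
            "packfiles": packs,
        })
    return sorted(findings, key=lambda f: f["url_path"])


def build_sample_docroot(base):
    """Constructed sample: a web root with a leftover .git under app/."""
    root = Path(base) / "htdocs"
    git_dir = root / "app" / ".git"
    (git_dir / "objects" / "ab").mkdir(parents=True)
    (git_dir / "objects" / "pack").mkdir()
    (git_dir / "HEAD").write_text("ref: refs/heads/main\n")
    (git_dir / "objects" / "ab" / ("0" * 38)).write_bytes(b"")
    (git_dir / "objects" / "pack" / "pack-sample.pack").write_bytes(b"")
    (root / "app" / "index.html").write_text("<h1>ok</h1>")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in find_exposed_git(build_sample_docroot(tmp)):
            print(finding)
```

Any finding means the deployment artifact still carries repository metadata; remove it from the artifact or deny the path in the web server configuration before publishing.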