
that there is a git repository on the server. Git is a source code management tool, and in this case, it likely manages some source code locally on the remote server.

Use dirsearch to perform another directory brute-force against the second directory, namely /backup/acme-hyper-branding. Save the result into its own folder, then check the results. You should find a git repository there, too.

Exploring git Repositories

When you find a git repository, it's often useful to run a specialized git cloner that pulls the repository and all of its associated metadata so you can inspect it locally. For this task, we'll use Gitjacker.

Cloning the Repository with Gitjacker

Gitjacker’s command is pretty simple. The first argument is a URL, and the -o (output) argument takes a folder name into which the data will be saved if Gitjacker succeeds at pulling the repository:

$ gitjacker http://172.16.10.11/backup/acme-impact-alliance/ -o acme-impact-alliance-git

--snip--

Target: http://172.16.10.11/backup/acme-impact-alliance/

Output Dir: acme-impact-alliance-git

Operation complete.

Status: Success

Retrieved Objects: 3242

--snip--

As you can see, the tool returned a successful status and a few thousand objects. At this point, you should have a folder named acme-impact-alliance-git:

$ ls -la ./acme-impact-alliance-git

--snip--

128 -rw-r--r-- 1 kali kali 127309 Mar 17 23:15 comment.php

96 -rw-r--r-- 1 kali kali 96284 Mar 17 23:15 comment-template.php

16 -rw-r--r-- 1 kali kali 15006 Mar 17 23:15 compat.php

4 drwxr-xr-x 2 kali kali 4096 Mar 17 23:15 customize

--snip--

12 -rw-r--r-- 1 kali kali 10707 Mar 17 23:15 customize.php

4 -rw-r--r-- 1 kali kali 705 Mar 17 23:15 donate.php

4 -rw-r--r-- 1 kali kali 355 Mar 17 23:15 robots.txt

--snip--
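Before pointing Gitjacker at every directory dirsearch turns up, it helps to confirm that a path really exposes a git repository and to see what its .git/config gives away. The script below is an added example, not code from the book or from Gitjacker: it fetches .git/HEAD and checks that the body has the shape git writes (a catch-all server that answers 200 to every path would pass a status-code-only check), then parses .git/config to list the remotes and flag any remote URL that embeds a username or token. The lab URL is the one from the chapter; the HEAD and config contents, the internal git host and the credentials in it are constructed for the example.

```python
"""Triage an exposed .git directory before running Gitjacker against it.
Added example, not from the book or Gitjacker; sample data is constructed."""
import re
import urllib.error
import urllib.request
from typing import Callable, Dict, List, Optional, Tuple
from urllib.parse import urlsplit

Fetcher = Callable[[str], Optional[bytes]]
# HEAD is a symbolic ref ("ref: refs/heads/main") or, when detached, a raw
# object id: 40 hex digits in SHA-1 repos, 64 in SHA-256 repos.
HEAD_RE = re.compile(rb"^(ref: refs/\S+|[0-9a-f]{40}|[0-9a-f]{64})\s*$")
SECTION_RE = re.compile(r'^\[(\w+)(?:\s+"([^"]*)")?\]\s*$')
KEY_RE = re.compile(r"^([\w.-]+)\s*=\s*(.*)$")


def http_fetch(url: str, timeout: float = 5.0) -> Optional[bytes]:
    """Return the body of a 200 response, or None on any failure."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.read() if resp.status == 200 else None
    except (urllib.error.URLError, OSError):
        return None

def is_exposed_git(base_url: str, fetch: Fetcher = http_fetch) -> bool:
    """True when <base_url>/.git/HEAD exists and looks like a git HEAD file."""
    head = fetch(base_url.rstrip("/") + "/.git/HEAD")
    return head is not None and HEAD_RE.match(head) is not None

def parse_git_config(text: str) -> Dict[str, Dict[str, str]]:
    """Minimal git-config parser -> {'core': {...}, 'remote "origin"': {...}}.
    Comments and blank lines are skipped and a repeated key keeps its last
    value; includes and multi-line values (which git accepts) are ignored."""
    sections: Dict[str, Dict[str, str]] = {}
    current: Optional[Dict[str, str]] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        sec = SECTION_RE.match(line)
        if sec:
            name = sec.group(1).lower()
            if sec.group(2) is not None:
                name = f'{name} "{sec.group(2)}"'
            current = sections.setdefault(name, {})
            continue
        kv = KEY_RE.match(line)
        if kv and current is not None:
            current[kv.group(1).lower()] = kv.group(2).strip()
    return sections

def remote_urls(config: Dict[str, Dict[str, str]]) -> Dict[str, str]:
    """Map remote name -> url for every [remote "<name>"] section."""
    out: Dict[str, str] = {}
    for section, keys in config.items():
        m = re.match(r'^remote "(.*)"$', section)
        if m and "url" in keys:
            out[m.group(1)] = keys["url"]
    return out

def leaked_credentials(config: Dict[str, Dict[str, str]]) -> List[Tuple[str, str]]:
    """(remote, username) for each remote URL shaped like user:token@host.
    The secret itself is left out so the report can be logged safely."""
    hits: List[Tuple[str, str]] = []
    for name, url in remote_urls(config).items():
        parts = urlsplit(url)
        if parts.username or parts.password:
            hits.append((name, parts.username or ""))
    return hits

def triage(base_url: str, fetch: Fetcher = http_fetch) -> dict:
    """Combine the checks into one report for a candidate directory."""
    if not is_exposed_git(base_url, fetch):
        return {"exposed": False}
    raw = fetch(base_url.rstrip("/") + "/.git/config") or b""
    cfg = parse_git_config(raw.decode("utf-8", "replace"))
    return {"exposed": True, "remotes": remote_urls(cfg),
            "leaked_credentials": leaked_credentials(cfg)}

# Constructed responses standing in for the chapter's lab server (assumed).
TARGET = "http://172.16.10.11/backup/acme-impact-alliance"
SAMPLE_HEAD = b"ref: refs/heads/master\n"
SAMPLE_CONFIG = (
    "[core]\n\trepositoryformatversion = 0\n\tbare = false\n"
    '[remote "origin"]\n'
    "\turl = https://deploy:s3cr3t-token@git.example.internal/acme/site.git\n"
    "\tfetch = +refs/heads/*:refs/remotes/origin/*\n"
    '[branch "master"]\n\tremote = origin\n\tmerge = refs/heads/master\n'
)

def fake_fetch(url: str) -> Optional[bytes]:
    """Offline stand-in for http_fetch that knows only the two lab paths."""
    return {TARGET + "/.git/HEAD": SAMPLE_HEAD,
            TARGET + "/.git/config": SAMPLE_CONFIG.encode()}.get(url)

if __name__ == "__main__":
    print(triage(TARGET + "/", fake_fetch))
```

Run it as-is to see the report for the constructed data, or call triage() with the default fetcher against a live target. A remote URL of the form user:token@host is a common find in dumped repositories and is usually a working credential for the upstream git server, so it belongs at the top of the findings list.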

Black Hat Bash (Early Access) © 2023 by Dolev Farhi and Nick Aleks