Exploiting publically exposed Version Control System
A presentation at Null Meet Bangalore Chapter in in Bengaluru, Karnataka, India by Anant Shrivastava
EXPLOITING VERSION CONTROL SYSTEMS PILLAGING FOR FUN AND PROFIT BY ANANT SHRIVASTAVA
ANANT SHRIVASTAVA Information Security Consultant Admin - Dev - Security null + OWASP + G4H http://anantshri.info and @anantshri Trainer : Blackhat USA, NullCon, g0s, c0c0n, RootConf Speaker : Nullcon, c0c0n, ClubHack, RootConf
WHAT IS VCS Version Control System The hip / developers way of deploying code Supports Auto-Deployment on commit
WHY EXPLOIT Coz its fun Its like a golden ticket Auto-deployment if available makes it more hip.
VCS 101 Type FOLDER GIT .git SVN .svn Mercurial .hg
PREDICATABLE FILES .git/HEAD .hg/requires .bzr/README
ROBOTS.TXT OF VCS .gitignore
TOOLS 1. SVN-extractor (Only SVN) (on top coz i wrote it) 2. DVCS-pillage (lacks SVN support) 3. dvcs-ripper (alternative implementation covers svn too)
DEMO TIME NOTE: ALL DEMO’s are prepared while in sleep deprived state.
DIRECTORY LISTING ENABLED
DIRECTORY LISTING DISABLED
SVN
PHEW DEMO DONE
QUICK CHECKS while read p; do echo “Input: “$p echo “CHECK: SVN entries http” curl -I http://$p/.svn/entries echo “CHECK: SVN entries https” curl -k -I https://$p/.svn/entries echo “CHECK: SVN wcdb” curl -I http://$p/.svn/wc.db echo “CHECK: SVN wcdb https” curl -k -I https://$p/.svn/wc.db done<$1
ANY QUESTIONS
ANANT SHRIVASTAVA Information Security Consultant Admin - Dev - Security null + OWASP + G4H http://anantshri.info and @anantshri Trainer : Blackhat USA, NullCon, g0s, c0c0n, RootConf Speaker : Nullcon, c0c0n, ClubHack, RootConf
This Demo / talk was focused on exploiting publicly exposed version control system.
Resources
The following resources were mentioned during the presentation or are useful additional information.
Buzz and feedback
Here’s what was said about this presentation on social media.
