LDAP + LaTeX + Management Interface

2025-12-12 07:40:34 -08:00 · 2024-11-29 18:09:59 +01:00
parent 801aecb2ba
commit 6795bee1c4
15 changed files with 165 additions and 202 deletions
--- a/Management/Bazaar.md
+++ b/Management/Bazaar.md
@@ -15,15 +15,16 @@

 ### rip-bzr.pl

-```powershell
-wget https://raw.githubusercontent.com/kost/dvcs-ripper/master/rip-bzr.pl
-docker run --rm -it -v /path/to/host/work:/work:rw k0st/alpine-dvcs-ripper rip-bzr.pl -v -u
-```
+* [kost/dvcs-ripper/rip-bzr.pl](https://raw.githubusercontent.com/kost/dvcs-ripper/master/rip-bzr.pl)
+    ```powershell
+    docker run --rm -it -v /path/to/host/work:/work:rw k0st/alpine-dvcs-ripper rip-bzr.pl -v -u
+    ```

 ### bzr_dumper

+* [SeahunOh/bzr_dumper](https://github.com/SeahunOh/bzr_dumper)
+
 ```powershell
-git clone https://github.com/SeahunOh/bzr_dumper
 python3 dumper.py -u "http://127.0.0.1:5000/" -o source
 Created a standalone tree (format: 2a)
 [!] Target : http://127.0.0.1:5000/
@@ -38,8 +39,10 @@ Created a standalone tree (format: 2a)
 [+] GET branch/tag
 [+] GET b'154411f0f33adc3ff8cfb3d34209cbd1'
 [*] Finish
+```

-$ bzr revert
+```powershell
+bzr revert
 N  application.py
 N  database.py
 N  static/
--- a/Management/Git.md
+++ b/Management/Git.md
@@ -27,9 +27,9 @@ The following examples will create either a copy of the .git or a copy of the cu

 Check for the following files, if they exist you can extract the .git folder.

- .git/config
- .git/HEAD
- .git/logs/HEAD
+- `.git/config`
+- `.git/HEAD`
+- `.git/logs/HEAD`


 ### Recovering file contents from .git/logs/HEAD
@@ -112,26 +112,29 @@ sha1 = d7ef4d77741c38b6d3806e0c6a57bf1090eec141

 #### git-dumper.py

+* [arthaud/git-dumper](https://github.com/arthaud/git-dumper)
 ```powershell
-git clone https://github.com/arthaud/git-dumper
 pip install -r requirements.txt
 ./git-dumper.py http://web.site/.git ~/website
 ```

 #### diggit.py

+* [bl4de/security-tools/diggit](https://github.com/bl4de/security-tools/)
+
 ```powershell
-git clone https://github.com/bl4de/security-tools/ && cd security-tools/diggit
 ./diggit.py -u remote_git_repo -t temp_folder -o object_hash [-r=True]
 ./diggit.py -u http://web.site -t /path/to/temp/folder/ -o d60fbeed6db32865a1f01bb9e485755f085f51c1
-
-u is remote path, where .git folder exists
-t is path to local folder with dummy Git repository and where blob content (files) are saved with their real names (cd /path/to/temp/folder && git init)
-o is a hash of particular Git object to download
 ```

+`-u` is remote path, where .git folder exists  
+`-t` is path to local folder with dummy Git repository and where blob content (files) are saved with their real names (`cd /path/to/temp/folder && git init`)  
+`-o` is a hash of particular Git object to download
+
 #### GoGitDumper

+* [c-sto/gogitdumper](https://github.com/c-sto/gogitdumper)
+
 ```powershell
 go get github.com/c-sto/gogitdumper
 gogitdumper -u http://web.site/.git/ -o yourdecideddir/.git/
@@ -141,8 +144,9 @@ git checkout

 #### rip-git

+* [kost/dvcs-ripper](https://github.com/kost/dvcs-ripper)
+
 ```powershell
-git clone https://github.com/kost/dvcs-ripper
 perl rip-git.pl -v -u "http://web.site/.git/"

 git cat-file -p 07603070376d63d911f608120eb4b5489b507692
@@ -156,15 +160,17 @@ git cat-file -p 5dae937a49acc7c2668f5bcde2a9fd07fc382fe2

 #### GitHack

+* [lijiejie/GitHack](https://github.com/lijiejie/GitHack)
+
 ```powershell
-git clone https://github.com/lijiejie/GitHack
 GitHack.py http://web.site/.git/
 ```

 #### GitTools

+* [internetwache/GitTools](https://github.com/internetwache/GitTools)
+
 ```powershell
-git clone https://github.com/internetwache/GitTools
 ./gitdumper.sh http://target.tld/.git/ /tmp/destdir
 git checkout -- .
 ```
@@ -204,20 +210,20 @@ gitrob [options] target [target2] ... [targetN]

 > Gitleaks provides a way for you to find unencrypted secrets and other unwanted data types in git source code repositories.

-```powershell
-# Run gitleaks against a public repository
-docker run --rm --name=gitleaks zricethezav/gitleaks -v -r https://github.com/zricethezav/gitleaks.git
+* Run gitleaks against a public repository
+    ```powershell
+    docker run --rm --name=gitleaks zricethezav/gitleaks -v -r https://github.com/zricethezav/gitleaks.git
+    ```

-# Run gitleaks against a local repository already cloned into /tmp/
-docker run --rm --name=gitleaks -v /tmp/:/code/  zricethezav/gitleaks -v --repo-path=/code/gitleaks
+* Run gitleaks against a local repository already cloned into /tmp/
+    ```powershell
+    docker run --rm --name=gitleaks -v /tmp/:/code/  zricethezav/gitleaks -v --repo-path=/code/gitleaks
+    ```

-# Run gitleaks against a specific Github Pull request
-docker run --rm --name=gitleaks -e GITHUB_TOKEN={your token} zricethezav/gitleaks --github-pr=https://github.com/owner/repo/pull/9000
-
-or
-
-go get -u github.com/zricethezav/gitleaks
-```
+* Run gitleaks against a specific Github Pull request
+    ```powershell
+    docker run --rm --name=gitleaks -e GITHUB_TOKEN={your token} zricethezav/gitleaks --github-pr=https://github.com/owner/repo/pull/9000
+    ```


 ## References
--- a/Management/README.md
+++ b/Management/README.md
@@ -6,10 +6,10 @@
 ## Summary

 * [Methodology](#methodology)
-* [Bazaar](./Bazaar.md)
-* [Git](./Git.md)
-* [Mercurial](./Mercurial.md)
-* [Subversion](./Subversion.md)
+    * [Bazaar](./Bazaar.md)
+    * [Git](./Git.md)
+    * [Mercurial](./Mercurial.md)
+    * [Subversion](./Subversion.md)
 * [Labs](#labs)
 * [References](#references)

@@ -43,6 +43,7 @@ location /.git {

 For example in Git, the exploitation technique doesn't require to list the content of the `.git` folder (http://target.com/.git/), the data extraction can still be conducted when files can be read.

+
 ## Labs

 * [Root Me - Insecure Code Management](https://www.root-me.org/fr/Challenges/Web-Serveur/Insecure-Code-Management)
--- a/Management/Subversion.md
+++ b/Management/Subversion.md
@@ -5,14 +5,11 @@
 ## Summary

 * [Tools](#tools)
-    * [svn-extractor](#svn-extractor)
 * [Methodology](#methodology)
 * [References](#references)

 ## Tools

-### svn-extractor
-
 * [anantshri/svn-extractor](https://github.com/anantshri/svn-extractor) - Simple script to extract all web resources by means of .SVN folder exposed over network. 
    ```powershell
    python svn-extractor.py --url "url with .svn available"
@@ -28,9 +25,10 @@ curl http://blog.domain.com/.svn/text-base/wp-config.php.svn-base
    ```powershell
    INSERT INTO "NODES" VALUES(1,'trunk/test.txt',0,'trunk',1,'trunk/test.txt',2,'normal',NULL,NULL,'file',X'2829',NULL,'$sha1$945a60e68acc693fcb74abadb588aac1a9135f62',NULL,2,1456056344886288,'bl4de',38,1456056261000000,NULL,NULL);
    ```
+    
 2. Download interesting files
-    * remove \$sha1\$ prefix
-    * add .svn-base postfix
+    * remove `$sha1$` prefix
+    * add `.svn-base` postfix
    * use first byte from hash as a subdirectory of the `pristine/` directory (`94` in this case)
    * create complete path, which will be: `http://server/path_to_vulnerable_site/.svn/pristine/94/945a60e68acc693fcb74abadb588aac1a9135f62.svn-base`