Git
Dump .git directory
If Directory brute-forcing reveals .git dump the source code:
git-dumper http://cat.htb/.git ~/Documents/CTF/HTB/cat.htb/dumpIs a good practice to restore all files for further enumeration
git restore .Restore the staged changes and see the differences
git restore --staged . && git diffWhen error messages provide specific text, use them to locate validation code
grep "invalid characters" *
grep -r "forbidden" ./
find . -name "*.php" -exec grep -l "validation" {} \;Check for common PHP sanitization functions
htmlspecialchars()- Converts special characters to HTML entitiesfilter_var()- Validates and sanitizes dataaddslashes()- Escapes quotesstrip_tags()- Removes HTML/PHP tags
Enumeration
Repository Status
git statusShows changes staged for the next commit
git diff --cachedCheck Commit
git show b73481bb823d2dfb49c44f4c1e6a7e11912ed8aeShow all the branches in the repository
git branch -aShow the commit history across multiple branches
git show-branchLogs
git logLook for a file across the entire history
git log --all --full-history -- .envShows a sorted list of unique files changed in any commit across all branches
git log --all --name-only --pretty=format: | sort | uniqLists files changed in any commit across all branches that contain "env" in their name
git log --all --name-only --pretty=format: | grep -i envRemote Repository
Check your remote URL
git remote -v Remote URL to SSH
git remote set-url origin git@github.com:b0llull0s/AI-Maths.gitBranches
Fetch the changes to local
git fetch originMerge Branch
git merge <branch_name>Delete Branch
git branch -D <branch_name>Create and switch to a new branch
git checkout <branch_name>In case you can to create a feature branch
git checkout -b feature-branchPull the latest changes
git pull origin devSwitch to another branch
git switch <branch-name>Push the changes
git push origin <branch_name>Fetch changes to local
git fetchLast updated