CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
Path: blob/master/documentation/modules/post/osx/gather/gitignore.md
Views: 1904
Vulnerable Application
This module finds and retrieves gitignore files from the user's home directory, as well as retrieves the contents of files found in the gitignore.
Verification Steps
Start msfconsole
Get at least a user shell
Locate gitignore files: 3. Do: use post/osx/gather/gitignore 4. Do: set session # 5. Do: set mode 1 5. Do: run 6. You should see a list of all gitignore files with absolute path located recursively from the users'r home directory
Retrieve gitignore files: 7. Do: set mode 2 8. Do: set file /absolute/path/to/.gitignore 9. Do run 10. You should see the contents of the gitignore file. If you see anything useful, you can also retrieve these artifacts.
Retrieve sensitive or interesting artifacts: 11. Do: set file /absolute/path/to/sensitive_file 12. Do: run
Options
MODE
Select between enumeration and retrieval mode. Mode 1 is enumeration of all gitignore files recursively in the user's home directory. Mode 2 is used for retrieving file contents should they be ASCII text.
FILE
This is the absolute file path to the .gitignore and/or sensitive file you would like to retrieve.
Scenarios
Gitignore files commonly list items developers don't want leaked and generally contain sensitive information.