GitHacker icon indicating copy to clipboard operation
GitHacker copied to clipboard

Published 20 hours ago verified publisher icon WangYihang

Why does not work?

Open JacobOzn opened this issue 2 years ago • 8 comments

Hello.

root@debian:~# githacker --url https://www.target.com/.git/ --output-folder /home/test/ 2022-10-13 20:50:21 INFO 1 urls to be exploited 2022-10-13 20:50:21 INFO Exploiting https://www.target.com/.git/ into /home/test/2885f055223ecdcc046def4094a3c5c6 /usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings InsecureRequestWarning) Traceback (most recent call last): File "/usr/local/bin/githacker", line 10, in sys.exit(main()) File "/usr/local/lib/python3.7/dist-packages/GitHacker/init.py", line 481, in main delay=args.delay, File "/usr/local/lib/python3.7/dist-packages/GitHacker/init.py", line 77, in init self.complete_basic_files_list() File "/usr/local/lib/python3.7/dist-packages/GitHacker/init.py", line 322, in complete_basic_files_list branch_names += self.parse_current_branch_name() File "/usr/local/lib/python3.7/dist-packages/GitHacker/init.py", line 284, in parse_current_branch_name assert len(branch_names) == 1 AssertionError

JacobOzn avatar Oct 13 '22 21:10 JacobOzn

Thanks for reporting, I will check it out soon.

WangYihang avatar Oct 14 '22 01:10 WangYihang

same here

LeandroVCastro avatar Oct 19 '22 14:10 LeandroVCastro

Could you please provide the .git/HEAD file? It seems that there is a corner case that GitHacker didn't handle correctly. @LeandroVCastro @JacobOzn

WangYihang avatar Oct 20 '22 01:10 WangYihang

Currently, GitHacker parses the .git/HEAD file to get the current branch name using the RegExp (ref: refs/heads/([a-zA-Z\d_-]+)). GitHacker asserts that the number of current branch name equals 1 (see code).

The content of .git/HEAD file will be like the following block by default.

ref: refs/heads/master

But when the git repo checkouts to some commit (say c768909c5199e94b13d2bae023986a6817df840d), the content of .git/HEAD file will be like:

c768909c5199e94b13d2bae023986a6817df840d

Under that circumstance, the RegExp can not match any result, so the assertion will fail.

I will try to figure out how to fix this issue. Thanks a lot for reporting this bug.

WangYihang avatar Oct 20 '22 02:10 WangYihang

I pushed a hotfix to remedy this bug.

Please check it out.

pip install -U git+https://github.com/WangYihang/GitHacker

WangYihang avatar Oct 20 '22 02:10 WangYihang

I pushed a hotfix to remedy this bug.

Please check it out.

pip install -U git+https://github.com/WangYihang/GitHacker

not work too. Traceback (most recent call last): File "/home/xx/.local/bin/githacker", line 8, in sys.exit(main()) File "/home/xx/.local/lib/python3.10/site-packages/GitHacker/init.py", line 475, in main result = GitHacker( File "/home/xx/.local/lib/python3.10/site-packages/GitHacker/init.py", line 77, in init self.complete_basic_files_list() File "/home/xx/.local/lib/python3.10/site-packages/GitHacker/init.py", line 322, in complete_basic_files_list branch_names += self.parse_current_branch_name() File "/home/xx/.local/lib/python3.10/site-packages/GitHacker/init.py", line 284, in parse_current_branch_name assert len(branch_names) == 1 AssertionError

goodmaney avatar Oct 24 '22 07:10 goodmaney

@yyg12345678910, thanks for reporting.

It sees that your /home/xx/.local/lib/python3.10/site-packages/GitHacker/init.py file is not equivalent to the file https://github.com/WangYihang/GitHacker/blob/master/GitHacker/__init__.py in latest master branch.

File "/home/xx/.local/lib/python3.10/site-packages/GitHacker/init.py", line 284, in parse_current_branch_name
assert len(branch_names) == 1

See the latest code in line 284.

assert len(branch_names) <= 1

I will release the fixed version soon. Before that, please use the following command to reinstall GitHacker, sorry for the inconvenience.

pip uninstall GitHacker
git clone https://github.com/WangYihang/GitHacker
cd GitHacker/
pip install -r requirements.txt 
python setup.py install

WangYihang avatar Oct 24 '22 11:10 WangYihang

May I ask this error occurred when I was running, what is the error? How to solve it

┌──(kali㉿kali)-[~/GitHacker-master] └─$ python setup.py install Traceback (most recent call last): File "/home/kali/GitHacker-master/setup.py", line 2, in import GitHacker File "/home/kali/GitHacker-master/GitHacker/init.py", line 19, in coloredlogs.install(fmt="%(asctime)s %(levelname)s %(message)s") File "/usr/local/lib/python3.11/dist-packages/coloredlogs/init.py", line 81, in install root_handler = ColoredStreamHandler(level=level, **kw) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ TypeError: ColoredStreamHandler.init() got an unexpected keyword argument 'fmt'

Yang-0206 avatar Oct 13 '23 01:10 Yang-0206