Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Why does not work? #26

Open
JacobOzn opened this issue Oct 13, 2022 · 8 comments
Open

Why does not work? #26

JacobOzn opened this issue Oct 13, 2022 · 8 comments
Assignees
@WangYihang
Labels
bug

Comments

@JacobOzn
Copy link

Hello.

root@debian:~# githacker --url https://www.target.com/.git/ --output-folder /home/test/
2022-10-13 20:50:21 INFO 1 urls to be exploited
2022-10-13 20:50:21 INFO Exploiting https://www.target.com/.git/ into /home/test/2885f055223ecdcc046def4094a3c5c6
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
InsecureRequestWarning)
Traceback (most recent call last):
File "/usr/local/bin/githacker", line 10, in
sys.exit(main())
File "/usr/local/lib/python3.7/dist-packages/GitHacker/init.py", line 481, in main
delay=args.delay,
File "/usr/local/lib/python3.7/dist-packages/GitHacker/init.py", line 77, in init
self.complete_basic_files_list()
File "/usr/local/lib/python3.7/dist-packages/GitHacker/init.py", line 322, in complete_basic_files_list
branch_names += self.parse_current_branch_name()
File "/usr/local/lib/python3.7/dist-packages/GitHacker/init.py", line 284, in parse_current_branch_name
assert len(branch_names) == 1
AssertionError
@WangYihang WangYihang self-assigned this Oct 14, 2022
@WangYihang WangYihang added the bug label Oct 14, 2022
@WangYihang
Copy link
Owner

Thanks for reporting, I will check it out soon.

@LeandroVCastro
Copy link

same here

@WangYihang
Copy link
Owner

Could you please provide the .git/HEAD file? It seems that there is a corner case that GitHacker didn't handle correctly. @LeandroVCastro @JacobOzn

@WangYihang
Copy link
Owner

WangYihang commented Oct 20, 2022
edited
Loading

Currently, GitHacker parses the .git/HEAD file to get the current branch name using the RegExp (ref: refs/heads/([a-zA-Z\d_-]+)). GitHacker asserts that the number of current branch name equals 1 (see code).

The content of .git/HEAD file will be like the following block by default.

ref: refs/heads/master

But when the git repo checkouts to some commit (say c768909c5199e94b13d2bae023986a6817df840d), the content of .git/HEAD file will be like:

c768909c5199e94b13d2bae023986a6817df840d

Under that circumstance, the RegExp can not match any result, so the assertion will fail.

I will try to figure out how to fix this issue. Thanks a lot for reporting this bug.

WangYihang added a commit that referenced this issue Oct 20, 2022
@WangYihang
fix: handle dangling branch in .git/HEAD (#26)
b2b8aac
@WangYihang
Copy link
Owner

WangYihang commented Oct 20, 2022
edited
Loading

I pushed a hotfix to remedy this bug.

Please check it out.

pip install -U git+https://github.com/WangYihang/GitHacker

@goodmaney
Copy link

I pushed a hotfix to remedy this bug.

Please check it out.

pip install -U git+https://github.com/WangYihang/GitHacker

not work too.
Traceback (most recent call last):
File "/home/xx/.local/bin/githacker", line 8, in
sys.exit(main())
File "/home/xx/.local/lib/python3.10/site-packages/GitHacker/init.py", line 475, in main
result = GitHacker(
File "/home/xx/.local/lib/python3.10/site-packages/GitHacker/init.py", line 77, in init
self.complete_basic_files_list()
File "/home/xx/.local/lib/python3.10/site-packages/GitHacker/init.py", line 322, in complete_basic_files_list
branch_names += self.parse_current_branch_name()
File "/home/xx/.local/lib/python3.10/site-packages/GitHacker/init.py", line 284, in parse_current_branch_name
assert len(branch_names) == 1
AssertionError

@WangYihang
Copy link
Owner

WangYihang commented Oct 24, 2022
edited
Loading

@yyg12345678910, thanks for reporting.

It sees that your /home/xx/.local/lib/python3.10/site-packages/GitHacker/init.py file is not equivalent to the file https://github.com/WangYihang/GitHacker/blob/master/GitHacker/__init__.py in latest master branch.

File "/home/xx/.local/lib/python3.10/site-packages/GitHacker/init.py", line 284, in parse_current_branch_name
assert len(branch_names) == 1

See the latest code in line 284.

assert len(branch_names) <= 1

I will release the fixed version soon. Before that, please use the following command to reinstall GitHacker, sorry for the inconvenience.

pip uninstall GitHacker
git clone https://github.com/WangYihang/GitHacker
cd GitHacker/
pip install -r requirements.txt 
python setup.py install

@Yang-0206
Copy link

May I ask this error occurred when I was running, what is the error? How to solve it

┌──(kali㉿kali)-[~/GitHacker-master]
└─$ python setup.py install
Traceback (most recent call last):
File "/home/kali/GitHacker-master/setup.py", line 2, in
import GitHacker
File "/home/kali/GitHacker-master/GitHacker/init.py", line 19, in
coloredlogs.install(fmt="%(asctime)s %(levelname)s %(message)s")
File "/usr/local/lib/python3.11/dist-packages/coloredlogs/init.py", line 81, in install
root_handler = ColoredStreamHandler(level=level, **kw)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
TypeError: ColoredStreamHandler.init() got an unexpected keyword argument 'fmt'

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@WangYihang WangYihang

Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@LeandroVCastro @WangYihang @goodmaney @JacobOzn @Yang-0206