categories: []
date: '2023-10-27T15:09:58.210816+08:00'
tags:
  - Kubernetes Goat
title: 'Kubernetes Goat 01 '
updated: 2023-10-27T17:17:37.256+8:0

Kubernetes Goat 01

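  • Developers tend to commit sensitive information to version control systems. As we move to CI/CD and GitOps systems, we tend to forget to identify sensitive information in code and commits. Let's see if we can find something cool here!
  • Hint: source code leak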

https://gh.putdown.top/https://github.com/futalk/tuchuang/raw/main/img/Snipaste_2023-10-27_15-11-29_d41d8cd98f00b204e9800998ecf8427e.jpg

Target site

Start testing

Directory scan

https://gh.putdown.top/https://github.com/futalk/tuchuang/raw/main/img/Snipaste_2023-10-27_15-14-13_d41d8cd98f00b204e9800998ecf8427e.jpg

Git leak

python git_dumper.py http://192.168.72.129:1230/ goat

https://gh.putdown.top/https://github.com/futalk/tuchuang/raw/main/img/Snipaste_2023-10-27_15-17-02_d41d8cd98f00b204e9800998ecf8427e.jpg

Git commands

https://gh.putdown.top/https://github.com/futalk/tuchuang/raw/main/img/Snipaste_2023-10-27_15-19-33_d41d8cd98f00b204e9800998ecf8427e.jpg

  • View the log

https://gh.putdown.top/https://github.com/futalk/tuchuang/raw/main/img/Snipaste_2023-10-27_15-20-26_d41d8cd98f00b204e9800998ecf8427e.jpg

  • Use git checkout to inspect earlier commits
  • Use git checkout -f to switch
  • Use ls -la to list all files

https://gh.putdown.top/https://github.com/futalk/tuchuang/raw/main/img/Snipaste_2023-10-27_15-26-36_d41d8cd98f00b204e9800998ecf8427e.jpg

  • View .env

https://gh.putdown.top/https://github.com/futalk/tuchuang/raw/main/img/Snipaste_2023-10-27_15-28-42_d41d8cd98f00b204e9800998ecf8427e.jpg
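
A defender-side counterpart to the steps above, as an added example that is not part of the original post: a pre-deployment audit that reads every loose object in a `.git` directory and flags blobs containing secret-looking `KEY=VALUE` lines, including files such as `.env` that were removed from the current checkout but remain in history. The key-name pattern, function names and sample repository are assumptions constructed for illustration, and packed objects under `.git/objects/pack` are not covered.

```python
import hashlib, re, tempfile, zlib
from pathlib import Path

# Assumed heuristic: KEY=VALUE lines whose key name looks secret-bearing.
SECRET_RE = re.compile(
    rb"(?im)^\s*([A-Z0-9_]*(?:SECRET|TOKEN|PASSWORD|ACCESS_KEY)[A-Z0-9_]*)\s*=\s*\S+")

def scan_loose_objects(git_dir):
    """Return sorted [(blob_sha, key_name)] for secret-like lines in any loose blob."""
    hits = []
    for path in Path(git_dir, "objects").glob("[0-9a-f][0-9a-f]/*"):
        try:
            raw = zlib.decompress(path.read_bytes())
        except zlib.error:
            continue  # not a loose object (corrupt or foreign file)
        header, _, body = raw.partition(b"\0")
        if not header.startswith(b"blob "):
            continue  # commits and trees hold no file content
        sha = path.parent.name + path.name
        for m in SECRET_RE.finditer(body):
            hits.append((sha, m.group(1).decode()))
    return sorted(hits)

def write_loose_object(git_dir, kind, body):
    """Demo helper: store one object the way git does (zlib-compressed, SHA-1 named)."""
    raw = kind + b" " + str(len(body)).encode() + b"\0" + body
    sha = hashlib.sha1(raw).hexdigest()
    dest = Path(git_dir, "objects", sha[:2], sha[2:])
    dest.parent.mkdir(parents=True, exist_ok=True)
    dest.write_bytes(zlib.compress(raw))
    return sha

def demo():
    """Constructed repo: a .env blob left in history and a harmless README blob."""
    with tempfile.TemporaryDirectory() as tmp:
        git_dir = Path(tmp, ".git")
        env_sha = write_loose_object(
            git_dir, b"blob", b"APP_ENV=dev\nAPI_SECRET_TOKEN=constructed-value\n")
        write_loose_object(git_dir, b"blob", b"# demo readme\n")
        return env_sha, scan_loose_objects(git_dir)

if __name__ == "__main__":
    print(demo())
```

Any hit means the value should be rotated, since deleting the file in a later commit does not remove it from history, and the `.git` directory should be kept out of the web root and the container image.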

End