GitBackdorizer - Is A Proof Of Concept That Uses The Lack Of User Attention To Steal Git Access Credentials


GitBackdorizer is a proof of concept, fully inspired in Ulisses Castro's 50 ton of backdoors talk, that abuses the lack of user attention to steal git access credentials.

How it Works
GitBackdorizer consists of three pieces: handler, dropper and the payload.

Handler
The handler sets up a HTTP server to capture the credentials and offers a menu to configure the dropper's payload. The dropper delivery is responsability of the attacker.

Dropper
The dropper is designed to have the highest possible compatibility, avoiding any non-sh specific feature. It works by:
  • Identify if the backdorized git hook is the pre-push hook or any other
  • Drop the backdoor payload to the specific hook
  • Give execution permission

Payload
Payloads are also designed to have the highest possible compatibility avoiding non-sh features.There are currently two types of payload, the generic and the pre-push specific.
The generic payload tries to identify the remote type (HTTPS/SSH) by:
  • Checking the current branch: git branch --contains HEAD
  • Collecting the remote name of the branch (through git config)
  • Collecting the remote url of the remote name (through git config) Then it will check if url is https or ssh.
The pre-push payload will check directly the provided git information for the url (second hook parameter for pre-push).

Demo
How to use gitbackdorizer to exploit user confidence and steal their credentials:


Greetz


GitBackdorizer - Is A Proof Of Concept That Uses The Lack Of User Attention To Steal Git Access Credentials GitBackdorizer - Is A Proof Of Concept That Uses The Lack Of User Attention To Steal Git Access Credentials Reviewed by Zion3R on 9:36 AM Rating: 5