GitLab

git, enum

Credentials #

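# Default admin account. The password is generated at install time unless
# gitlab_rails['initial_root_password'] was set before the first reconfigure.
# Recent Omnibus packages write the generated value to
# /etc/gitlab/initial_root_password and remove that file on the first
# reconfigure after 24 hours - change it after the first login.
root:<random token set during installation>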

Finding version #

Interesting Files and Directories #

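# contains the Rails secrets: secret_key_base, db_key_base, otp_key_base and
# the OpenID Connect signing (private) key. secret_key_base signs session
# cookies, so disclosure of this file should be treated as a compromise of
# the whole instance. Should be readable only by root / the git user.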
/opt/gitlab/embedded/service/gitlab-rails/config/secrets.yml

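# may contain the initial root password, but only if an admin set it here;
# the value is applied on the first reconfigure only, so it can be stale.
# The same file can also hold SMTP and LDAP bind credentials.
# Expected permissions: owned by root, mode 0600.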
#   gitlab_rails['initial_root_password'] = '<my_strong_password>'
/etc/gitlab/gitlab.rb
cat /etc/gitlab/gitlab.rb | grep git_data_dirs

# - Contains repositories from other users
# - Appears to contain only bare repos (no working tree), so file contents
#   are not on disk as plain files and have to be read through git
/var/opt/gitlab/git-data/repositories

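# The logs record project paths, so they can reveal the names of private or
# hidden repos ("securedocker" below is just an example search term).
# Read access to /var/log/gitlab should be restricted accordingly.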
grep -r securedocker /var/log/gitlab 2> /dev/null

Commands #

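# gitlab-rails console - Rails console with full administrative access to
#                  the instance, e.g. for password resets. Needs root (or
#                  the git user) on the host, so shell access at that level
#                  is equivalent to GitLab admin.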
# https://docs.gitlab.com/ee/administration/troubleshooting/gitlab_rails_cheat_sheet.html
gitlab-rails console

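# Mirroring an exposed .git directory and recreating the files.
# Works only when the web server serves /.git/ from the document root.
# Mitigation: deny requests for /.git/ at the web server and deploy from an
# export rather than a checkout. Detection: requests for /.git/HEAD or
# /.git/config in the access log.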
wget --mirror -I .git 10.10.10.70/.git
git checkout -- .

Other Enumeration Methods #

Signup #

References #