Exetools  

  #1  
Old 11-05-2020, 18:14
atom0s
Family
 
Join Date: Jan 2015
Location: 127.0.0.1
Posts: 302
Rept. Given: 25
Rept. Rcvd 104 Times in 50 Posts
Thanks Given: 49
Thanks Rcvd at 509 Times in 206 Posts
atom0s Reputation: 100-199 atom0s Reputation: 100-199
GitHub Source Code Leak

On Nov. 3, someone uploaded the full source code of GitHub to GitHub's own DMCA repo using a GitHub staff account. GitHub responded to the upload, after taking it down within the hour of it being posted, saying:

Quote:
GitHub hasn't been hacked. We accidentally shipped an un-stripped/obfuscated tarball of our GitHub Enterprise Server source code to some customers a couple of months ago. It shares code with github.com. As others have pointed out, much of GitHub is written in Ruby.
This response came from the same name as the account that posted the source code.

However, the commit log says otherwise, with the commit saying:
Quote:
felt cute, might put gh source code on dmca repo now idk
This appears to be similar to the previous leaks where an auth token was stolen that was used to access multiple private repos owned by Microsoft.

You can view the archive entry of the commit here:
Code:
https://web.archive.org/web/20201104050026if_/https://github.com/github/dmca/tree/565ece486c7c1652754d7b6d2b5ed9cb4097f9d5
You can find a full download of the commit here:
Code:
https://anonfiles.com/Jax980m9p6/dmca-565ece486c7c1652754d7b6d2b5ed9cb4097f9d5_zip
The current speculation as to why this happened is due to the recent RIAA takedowns of various repos on GitHub via DMCA'ing. Most notable is the 'youtube-dl' repo. That repo has been mirrored in several locations such as:

Code:
https://gitlab.com/ytdl-org/youtube-dl
https://git.rip/mirror/youtube-dl
__________________
Personal Projects Site: https://atom0s.com
The Following 5 Users Say Thank You to atom0s For This Useful Post:
ARUBA (11-23-2020), emo (11-07-2020), Fyyre (11-22-2020), MrScotc (11-10-2020), tonyweb (11-06-2020)
  #2  
Old 11-05-2020, 18:41
atom0s
Some additional info, someone has taken credit for the leak on Reddit saying the following:
Code:
I am the one who did this. You can find on my profile that I was the first one to post it on Reddit.

The commit author is a joke and can be easily done, there's even a CLI tool to do this: git-blame-someone-else

As for the code itself, I just ran a deobfuscator through the officially provided GitHub Enterprise image. Turns out they use the same codebase as GitHub (dotcom), you can even find the billing and subscriptions management in the repo.
As they claim, the leaked code is a copy of GitHub Enterprise deobfuscated. According to them, it matches the actual GitHub site setup (which makes sense since enterprise is for self-hosting etc.)

The push author was faked but access to the DMCA repo still required a leaked auth token or similar. (No info was provided for that part of the hack; but again I assume this is similar to the past hacks I mentioned above.)
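The Reddit comment quoted in the post above says the commit author can be set to anything. As an added example (not part of the thread, and not GitHub's or the poster's code), this shows why from a reviewer's side: the author and committer lines in a raw commit object are plain text, and only a signature header ties a commit to a key. The sample commits, the `example.com` domain and the finding names are constructed for illustration.

```python
import re

# Constructed `git cat-file -p <commit>` output; hashes and identities are made up.
UNSIGNED = """\
tree 1111111111111111111111111111111111111111
author Staff Person <staff@example.com> 1604462400 +0000
committer Staff Person <staff@example.com> 1604462400 +0000

constructed commit message
"""
SIGNED = """\
tree 2222222222222222222222222222222222222222
author Staff Person <staff@example.com> 1604466000 +0000
committer Staff Person <staff@example.com> 1604466000 +0000
gpgsig -----BEGIN PGP SIGNATURE-----
 (constructed placeholder, not a real signature)
 -----END PGP SIGNATURE-----

constructed signed commit
"""
IDENT = re.compile(r"^(.*) <([^>]*)> \d+ [+-]\d{4}$")

def parse_headers(raw):
    """Return the header fields of a raw commit object (text before the blank line)."""
    head, _, _message = raw.partition("\n\n")
    headers, key = {}, None
    for line in head.split("\n"):
        if line.startswith(" ") and key:   # continuation of a multi-line header
            headers[key] += "\n" + line[1:]
        else:
            key, _, value = line.partition(" ")
            headers[key] = value
    return headers

def email_of(ident):
    m = IDENT.match(ident)
    return m.group(2).lower() if m else None

def assess(raw, protected_domains):
    """Flag identity claims that rest on unauthenticated metadata alone."""
    h = parse_headers(raw)
    author, committer = email_of(h["author"]), email_of(h["committer"])
    signed = "gpgsig" in h  # presence only; `git verify-commit` checks validity
    findings = []
    if not signed:
        findings.append("unsigned")
        if author and author.split("@")[-1] in protected_domains:
            findings.append("protected-identity-unsigned")
    if author != committer:
        findings.append("author-committer-mismatch")
    return {"author": author, "signed": signed, "findings": findings}
```

A `gpgsig` header only shows that a signature is present; whether it is valid and made by a trusted key has to be checked separately, for example with `git verify-commit`.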
  #3  
Old 11-08-2020, 09:30
atom0s
Here are links to all of GitHub Enterprise's images:
Code:
HyperV              : https://github-enterprise.s3.amazonaws.com/hyperv/releases/github-enterprise-2.22.0.vhd
OpenStack KVM       : https://github-enterprise.s3.amazonaws.com/kvm/releases/github-enterprise-2.22.0.qcow2
VMWare ESXi/VSphere : https://github-enterprise.s3.amazonaws.com/esx/releases/github-enterprise-2.22.0.ova
Xen                 : https://github-enterprise.s3.amazonaws.com/xen/releases/github-enterprise-2.22.0.vhd
After you deploy the images, you can use the following script to decrypt the Ruby files:
Code:
https://gist.githubusercontent.com/jacobbednarz/e2f08812664c6d689f9bafeff040aa5c/raw/e10d488571acf59da024e50b2af9a0c2d913ab5e/ghe-revealer.rb
The Following 5 Users Say Thank You to atom0s For This Useful Post:
Fyyre (11-22-2020), MarcElBichon (11-08-2020), phroyt (11-16-2020), tonyweb (11-08-2020), uranus64 (11-09-2020)
All times are GMT +8.