Update description. Ensure script runs on Windows WSL

06_information_disclosure/Information_disclosure_in_version_control_history/README.md

@@ -1,42 +1,52 @@
-# Lab: Information disclosure in version control history
+# Write-up: Information disclosure in version control history @ PortSwigger Academy
+
+![logo](img/logo.png)
+
+This write-up for the lab *Information disclosure in version control history* is part of my walkthrough series for [PortSwigger's Web Security Academy](https://portswigger.net/web-security).
+
+**Learning path**: Server-side topics → Information disclosure
 
 Lab-Link: <https://portswigger.net/web-security/information-disclosure/exploiting/lab-infoleak-in-version-control-history>  
 Difficulty: PRACTITIONER  
-Python script: [script.py](script.py) NB: Not platform independent, works on Linux only (and perhaps on Mac). On Windows, it may run with WSL.
+Python script: [script.py](script.py) 
+*The script is not platform-independent. It works on Linux and perhaps on Mac. To run it on Windows, it requires WSL (it may run on Cygwin or similar Linux-like environments).*
 
-## Known information
+## Lab description
 
-- Lab discloses information in its version control history
-- Goals:
-  - Obtain administrator password
-  - Delete user `carlos`
+![Lab description](img/lab_description.png)
 
 ## Steps
 
-### Analysis
+As usual, the first step is to analyze the functionality of the lab application. In this lab, it is a shop website.
 
-The lab is again our favourite shop website. Browsing around does not reveal anything unusual. As we do not have known credentials, we need additional means of finding content.
+Browsing around does not reveal anything unusual. As I do not have any known credentials, I need additional means of finding content.
 
-This can be a wild guess based on the title, Burp's content discovery or any other directory search tool (e.g. gobuster, wfuzz, ...). Very quickly, it discovers an interesting directory:
+This can be a wild guess based on the title, Burp's content discovery or any other directory search tool (e.g. [gobuster](https://github.com/OJ/gobuster), [wfuzz](https://github.com/xmendez/wfuzz), ...). Very quickly, it discovers an interesting directory:
 
 ![dirsearch_result](img/dirsearch_result.png)
 
 I quickly mirror the directory with wget to create a local copy with the following line:
 
-![download_git_directory](img/download_git_directory.png)
+![](img/download_git_directory.png)
+
+Now I change into that directory, check the git log and find an interesting commit message in the last commit:
+
+![Log revealing that password was removed](img/git_log.png)
+
+So I move my working directory back to the commit before that:
 
-Checking the git log, an interesting commit message is shown in the last commit:
+![Reverting to an older commit](img/get_old_commit.png)
 
-![git_log](img/git_log.png)
+A quick directory listing shows an interesting file with even more interesting content:
 
-So go back to the commit before:
+![](img/old_directory_content.png)
 
-![get_old_commit](img/get_old_commit.png)
+![Password disclosed](img/admin_password.png)
 
-And check the content of the file:
+Now it is simply a matter of logging in with `administrator:xdewmitje2uxb30llr06` and accessing the `Admin panel`:
 
-![admin_password](img/admin_password.png)
+![](img/admin_panel.png)
 
-Now it is simply a matter of logging in with `administrator:ehr6dyudul3bxk8n3prd`, access the `Admin panel` and delete user `carlos` to solve the lab:
+After I delete user `carlos`, the lab updates to
 
-![success](img/success.png)
+![Lab solved](img/success.png)

06_information_disclosure/Information_disclosure_in_version_control_history/script.py

@@ -39,7 +39,7 @@ def main():
 
     client = requests.Session()
     client.verify = False
-    client.proxies = proxies
+    # client.proxies = proxies
     giturl = f'{host}/.git'
 
     with tempfile.TemporaryDirectory() as tmpdirname: