0

I have a client with an open .hg directory. For example, the URL http://example.com/.hg/dirstate shows a plain text config file. They have not enabled directory listing, so http://example.com/.hg/ gives a 403 Forbidden page.

I want to download the repository in order to obtain the source code. How can I download the contents of the .hg directory?

Sjoerd
  • 28,707
  • 12
  • 74
  • 102
  • Not sure, but give this a shot "wget -r -np -nH --cut-dirs=2 -R index.html http://example.com/.hg/" Mind the auto-format removing "http://" from url in this comment. – Krishna Pandey Mar 20 '17 at 09:51
  • Wget will try to get the links from the index, which in this case is just a 403. For getting the files, you'll need to run a filename bruteforcer, like DirBuster – J.A.K. Mar 20 '17 at 11:15

1 Answers1

1

I have made a tool that performs some of the following steps:

  • First, download the changelog and manifest files as described in the repo structure documentation.
  • Run hg --debug manifest to get a file list. Download the index for all these files.
  • Fix the repo using the convert extension
  • Run hg update -C to restore all files.

Now you have the source code.

Edit: more information in my blog post about this.

Sjoerd
  • 28,707
  • 12
  • 74
  • 102