Git Happens - TryHackMe
This write-up is based on TryHackme's room named Git Happens and this room can be found here:-
This is kind of a easy room if you are familiar with git version control system and few basic git commands and highlights the danger of exposing the the git repositories publicly.
The task is simple and we have to find out a super secret password.
Running NMAP results in the following:
nmap -sC -sV 10.10.38.53
That is - we have a Git Repository exposed via Port 80! Lets browse this:
We can manually go through each of these directories or we can use some tool to get this repo locally and try to find out the password . I found a tool named GitTools on github which was super useful: https://github.com/internetwache/GitTools
Clone this tool locally using:
git clone https://github.com/internetwache/GitTools.git/
Now run the following command to get the repo locally, assuming that GitTools are in /opt/tools directory:
/opt/tools/GitTools/Dumper/gitdumper.sh http://10.10.38.53/.git/ clone
Change directory to "clone" and check the status of the repo using the command:
git status
Explore more and check the logs using:
git log
Keep Exploring the logs, you will find:
This Indicates that we have might have source code of login page, lets check this commit with the command:
git show 395e087334d613d5e423cdf8f7be27196a360459
Keep exploring this commit and you will find the password:
Nice room which exposes us with basic git commands and the dangers of exposing the git repositories publicly.
cibiPstic-gu Alexandra Daly click here
ReplyDeleteocerecmo
aninYrua Nick Alvarado UnHackMe
ReplyDeleteAdvanced SystemCare Pro 15.5.0.267
Adobe Illustrator
Install
odachebin