Git Happens
Room link.
Scanning
I ran an NMAP scan to check out what was located on the machine.
ajread@ajread-laptop:~/ctf/tryhackme$ nmap -A [TARGET IP]
Starting Nmap 7.92 ( https://nmap.org ) at 2023-02-27 21:14 EST
Nmap scan report for [TARGET IP]
Host is up (0.078s latency).
Not shown: 999 closed tcp ports (conn-refused)
PORT STATE SERVICE VERSION
80/tcp open http nginx 1.14.0 (Ubuntu)
|_http-title: Super Awesome Site!
|_http-server-header: nginx/1.14.0 (Ubuntu)
| http-git:
| [TARGET IP]:80/.git/
| Git repository found!
|_ Repository description: Unnamed repository; edit this file 'description' to name the...
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 10.61 secondsI navigated to the webpage hosted on port 80 and it was a basic login page. There was some obfuscated code at the bottom within the script section. However, it was more interesting to notice the git repo within /.git from the nmap scan.
Enumeration
I wanted to pull down the git repo. So, I used git-dumper and I was able to pull down the entire repo to my local machine.
I used a recursive grep to search for something with the word "password," but I was unsuccessful. Sometimes developers forget to remove key information when using git. So, I used git log to check out previous commits. In one of the previous commits, I found the password!
And I was able to submit the flag!
Last updated