search

Git Happens

Room linkarrow-up-right.

hashtag
Scanning

I ran an NMAP scan to check out what was located on the machine.

ajread@ajread-laptop:~/ctf/tryhackme$ nmap -A [TARGET IP]
Starting Nmap 7.92 ( https://nmap.org ) at 2023-02-27 21:14 EST
Nmap scan report for [TARGET IP]
Host is up (0.078s latency).
Not shown: 999 closed tcp ports (conn-refused)
PORT   STATE SERVICE VERSION
80/tcp open  http    nginx 1.14.0 (Ubuntu)
|_http-title: Super Awesome Site!
|_http-server-header: nginx/1.14.0 (Ubuntu)
| http-git: 
|   [TARGET IP]:80/.git/
|     Git repository found!
|_    Repository description: Unnamed repository; edit this file 'description' to name the...
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 10.61 seconds

I navigated to the webpage hosted on port 80 and it was a basic login page. There was some obfuscated code at the bottom within the script section. However, it was more interesting to notice the git repo within /.git from the nmap scan.

hashtag
Enumeration

I wanted to pull down the git repo. So, I used git-dumperarrow-up-right and I was able to pull down the entire repo to my local machine.

I used a recursive grep to search for something with the word "password," but I was unsuccessful. Sometimes developers forget to remove key information when using git. So, I used git log to check out previous commits. In one of the previous commits, I found the password!

And I was able to submit the flag!

PreviousFlatlineNextIde

Last updated