Git Happens - TryHackMe
Writeup for the Git Happens room
Git Happens - TryHackMe
| [TryHackMe | Git Happens](https://tryhackme.com/room/githappens) |
Boss wanted me to create a prototype, so here it is! We even used something called “version control” that made deploying this really easy!
Can you find the password to the application?
Setup
1
└──╼ $ nmap -A -T4 10.10.58.41
1
2
3
4
5
6
7
8
9
10
80/tcp open http nginx 1.14.0 (Ubuntu)
| http-git:
| 10.10.58.41:80/.git/
| Git repository found!
|_ Repository description: Unnamed repository; edit this file 'description' to name the...
| http-methods:
|_ Supported Methods: GET HEAD
|_http-server-header: nginx/1.14.0 (Ubuntu)
|_http-title: Super Awesome Site!
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
As you can see the nmap scan found a “.git” repertory on the website, let’s use some tools to get all the data.
1
└──╼ $ ./gitdumper.sh http://10.10.58.41/.git/ .
Once the dumper script get all the data let’s use the extractor script to have all the source code.
1
└──╼ $ ./extractor.sh ~/Desktop/TryHackMe/git-thm/GitTools/Dumper/ .
As you can see the script created some directory, let’s see if the password is in there.
#1 Find the Super Secret Password
1
Th**_**_*_****_****_******_*******!
This post is licensed under
CC BY 4.0
by the author.