Git Happens: Tryhackme Walkthrough by Akash
Boss wanted me to create a prototype, so here it is! We even used something called “version control” that made deploying this really easy!
Task 1 Capture the Flag
Find the Super Secret Password
Start by gathering information about the machine: open ports, running services and their version numbers, and OS information will help us move forward and find a vulnerability on the machine.
Command used: nmap -v -A 10.10.52.113
Reading the nmap result, we can see only one open port, 80, running an HTTP service; nmap also finds a .git repository.
Visit this page: ipofmachine/.git
Git tools can be very helpful for us here. The toolset contains a gitdumper.sh script that can be used to pull the git repository to our own machine. You can download the tool from this <<link>>
Command to use: ./gitdumper.sh http://10.10.171.85/.git/ clone
Command to use: git log
Press Enter to scroll down to the very bottom of the log and copy the commit ID: 395e087334d613d5e423cdf8f7be27196a360459
Use the git show commit_id command to see what was committed; it will show the code (note: press q to quit).
Repeat the same steps: go to the very bottom and you will see the password.
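The password is recoverable because every committed version of a file stays in the repository's object store, and that store was deployed with the site. As an added example (not part of the original walkthrough), here is a pre-deployment check that finds .git directories under a web root and flags stored blobs containing secret-looking assignments; the regex, function names and sample file contents are assumptions constructed for illustration, and only loose objects are read.

```python
import hashlib, os, re, tempfile, zlib

# Assumed pattern for secret-looking assignments; tune it for your own code base.
SECRET_RE = re.compile(rb"(?i)\b(password|passwd|secret|api_key)\b\s*[:=]\s*[\"']([^\"']{4,})[\"']")

def find_git_dirs(web_root):
    """Return every .git directory that would be served along with web_root."""
    return sorted(os.path.join(d, ".git") for d, subdirs, _ in os.walk(web_root) if ".git" in subdirs)

def scan_loose_objects(git_dir):
    """Return (object_id, key_name) for each stored blob matching SECRET_RE.
    Only loose objects are read; packed objects (objects/pack) are skipped."""
    findings, objects = [], os.path.join(git_dir, "objects")
    for fan in sorted(os.listdir(objects)):
        if len(fan) != 2:                      # skip pack/ and info/
            continue
        for name in sorted(os.listdir(os.path.join(objects, fan))):
            with open(os.path.join(objects, fan, name), "rb") as fh:
                header, _, body = zlib.decompress(fh.read()).partition(b"\x00")
            if header.startswith(b"blob "):
                # Report the key name only, never the secret value itself.
                findings += [(fan + name, m.group(1).decode()) for m in SECRET_RE.finditer(body)]
    return findings

def write_loose_blob(git_dir, content):
    """Test helper: store content the way git stores a loose blob; return its id."""
    raw = b"blob %d\x00" % len(content) + content
    oid = hashlib.sha1(raw).hexdigest()
    os.makedirs(os.path.join(git_dir, "objects", oid[:2]), exist_ok=True)
    with open(os.path.join(git_dir, "objects", oid[:2], oid[2:]), "wb") as fh:
        fh.write(zlib.compress(raw))
    return oid

def demo():
    """Build a constructed web root with two stored versions of one file and scan it."""
    with tempfile.TemporaryDirectory() as root:
        git_dir = os.path.join(root, "site", ".git")
        old = write_loose_blob(git_dir, b'let password = "constructed-example";\n')
        new = write_loose_blob(git_dir, b"let hash = sha256(input);\n")
        dirs = find_git_dirs(root)
        return old, new, [f for d in dirs for f in scan_loose_objects(d)]

if __name__ == "__main__":
    old, new, findings = demo()
    for oid, key in findings:
        print(f"blob {oid} still contains a '{key}' assignment")
```

Any hit means the credential should be rotated and the .git directory kept out of the served path; editing the file in a newer commit does not remove the old blob.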