Git Happens
This room seems pretty basic in terms of questions we need to answer (Only 1)
“Find the Super Secret Password”
First thing we are going to do is run a scan against the machine
Based on our scan results we were able to locate a git repository!
Next step I ran Gobuster to find any hidden directories
looks like .git/HEAD and index.html stick out.
When avigating to the IP we get a login screen
From here I got stuck at a standstill. Looked up some writeups and came across the tool GITTools
Installed using git clone https://github.com/internetwache/GitTools
From here we are going to navigate to the dumper tool and run it
Command is ./gitdumper.sh http://10.10.21.168/.git/ ./
Running Git log and it shows us the repository info
Running the command git log | grep commit | cut -d ” ” -f2 | xargs git show allows us to view the individual commits and code
Reviewing the code from here and we were able to locate the password
We can log login using the username admin and the password Th1s_1s_4_L0ng_4nd_S3cur3_P4ssw0rd!