Git Happens

Git Happens

This room seems pretty basic in terms of questions we need to answer (Only 1)

“Find the Super Secret Password”

First thing we are going to do is run a scan against the machine

Based on our scan results we were able to locate a git repository!

Next step I ran Gobuster to find any hidden directories

looks like .git/HEAD and index.html stick out.

When avigating to the IP we get a login screen

From here I got stuck at a standstill. Looked up some writeups and came across the tool GITTools

Installed using git clone https://github.com/internetwache/GitTools

From here we are going to navigate to the dumper tool and run it

Command is ./gitdumper.sh http://10.10.21.168/.git/ ./

Running Git log and it shows us the repository info

Running the command git log | grep commit | cut -d ” ” -f2 | xargs git show allows us to view the individual commits and code

Reviewing the code from here and we were able to locate the password

We can log login using the username admin and the password Th1s_1s_4_L0ng_4nd_S3cur3_P4ssw0rd!