TryHackMe | Git Happens
Boss wanted me to create a prototype, so here it is! We even used something called "version control" that made…
Let’s begin as always with our nmap:
So now it says it is scanning 2 ports but only 1 shows:
However, we notice something here: there is a local git repository, which we can try to retrieve using a specific set of tools called GitTools.
First I want to take a look at the web side of things:
Okay so we get a login screen, let’s check for any additional hidden comments (if any).
After checking for a minute or two I did not find anything, so I tried to do a dummy login and see what happens:
Well to my surprise, actually nothing happened. The text boxes did not clear, the URL did not change, and we got no 401 Unauthorized.
This tells me the login page is merely for show and the .git repo is where we need to check.
With that in mind we can run a quick gobuster to see if there are any additional directories:
And we find nothing there. We can view the .git in the web browser, but it will take a long time to go digging through everything.
So I searched for “pentest an exposed .git” and we get a blog from Pentester Academy, which points us to a GitHub repository called GitTools.
This set of tools allows us to download and extract data from an exposed .git repository.
With that in mind let’s git clone this set of tools locally. The GitHub repository for this tool is: https://github.com/internetwache/GitTools
So now let’s clone this locally for use:
Awesome, now that we have this toolset we can use 2 of its tools to download and extract the data from the exposed .git repository.
The first tool we are going to use here is gitdumper.sh, so let’s check its usage:
Great, so let’s point this to the right direction and specify an output directory:
Well once that has finished, we are going to use the extractor.sh to extract the data from our .git folder.
So let’s extract this, first a quick usage check:
Okay now to extract:
And once that is done I want to go through the folders we now have, one by one, and use the following command to search for anything containing the string “pass”.
grep -in "pass" *
Where we are going to be searching, the output:
NOTE: I won’t show the outputs of all these but instead only the one that matters. So you will have to go digging yourself!
Now after searching all the directories we find exactly what we are looking for, the “Super Secret Password”:
And with that obtained we are actually done!
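The password was recoverable because git keeps every earlier version of a file as a zlib-compressed object under .git/objects, even after a later commit removes the secret. The following is an added example, not part of the original write-up, of auditing your own repository's object store for such leftovers before deploying it; the function names and sample blobs are constructed for illustration, and it reads loose objects only, not packfiles.

```python
import hashlib
import re
import tempfile
import zlib
from pathlib import Path


def write_loose_object(git_dir, kind, body):
    """Store body the way git stores a loose object; return its SHA-1 id."""
    raw = kind.encode() + b" " + str(len(body)).encode() + b"\0" + body
    oid = hashlib.sha1(raw).hexdigest()
    path = Path(git_dir, "objects", oid[:2], oid[2:])
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_bytes(zlib.compress(raw))
    return oid


def scan_loose_objects(git_dir, needle=rb"pass"):
    """Return [(object id, line number, line)] for blob lines matching needle."""
    rx = re.compile(needle, re.I)  # case-insensitive, like grep -i
    hits = []
    for path in sorted(Path(git_dir, "objects").glob("[0-9a-f][0-9a-f]/*")):
        try:
            raw = zlib.decompress(path.read_bytes())
        except zlib.error:
            continue  # not a loose object
        header, _, body = raw.partition(b"\0")
        if not header.startswith(b"blob "):
            continue  # commits and trees hold no file content
        oid = path.parent.name + path.name
        for n, line in enumerate(body.splitlines(), 1):
            if rx.search(line):
                hits.append((oid, n, line.decode(errors="replace")))
    return hits


def demo():
    """Constructed sample: the secret was 'removed' in a later file version."""
    with tempfile.TemporaryDirectory() as tmp:
        git_dir = Path(tmp, ".git")
        old = write_loose_object(
            git_dir, "blob", b"user = 'admin'\npassword = 'EXAMPLE-ONLY'\n")
        write_loose_object(
            git_dir, "blob", b"user = 'admin'\n# credentials moved elsewhere\n")
        return old, scan_loose_objects(git_dir)


if __name__ == "__main__":
    for oid, n, line in demo()[1]:
        print(f"{oid[:8]}:{n}: {line}")
```

A hit in an old blob means the secret is still in history: rotate the credential, and keep the .git directory out of the web root.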
Congratulations and thank you for reading!
Please feel free to follow me on twitter if you like the write up: https://twitter.com/amec0e