Mirrors/CTF-Writeups
2
0
Fork 0
mirror of https://github.com/AbdullahRizwan101/CTF-Writeups synced 2024-11-10 14:44:20 +00:00
Code Issues Projects Releases Packages Wiki Activity
CTF-Writeups/TryHackMe/Git_happens.md
AbdullahRizwan101 428217f5ed
Add files via upload
2020-11-08 21:52:43 +05:00

110 lines
No EOL
4.4 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# TryHackMe-Git Happens
## NMAP
```
Starting Nmap 7.80 ( https://nmap.org ) at 2020-11-08 20:16 PKT
Nmap scan report for 10.10.116.239
Host is up (0.16s latency).
Not shown: 999 closed ports
PORT STATE SERVICE VERSION
80/tcp open http nginx 1.14.0 (Ubuntu)
| http-git:
| 10.10.116.239:80/.git/
| Git repository found!
|_ Repository description: Unnamed repository; edit this file 'description' to name the...
|_http-server-header: nginx/1.14.0 (Ubuntu)
|_http-title: Super Awesome Site!
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 25.52 seconds
```
## PORT 80
We found `/.git/`
<img src="https://imgur.com/CZXdc27.png"/>
Use wget to recursively download all git files on your local machines so you can view them easily
`wget -r http://10.10.116.239/.git/`
```
2020-11-08 20:29:57 (2.30 MB/s) - 10.10.116.239/.git/refs/heads/master saved [41/41]
--2020-11-08 20:29:57-- http://10.10.116.239/.git/logs/refs/heads/master
Reusing existing connection to 10.10.116.239:80.
HTTP request sent, awaiting response... 200 OK
Length: 216 [application/octet-stream]
Saving to: 10.10.116.239/.git/logs/refs/heads/master
10.10.116.239/.git/logs/refs 100%[===========================================>] 216 --.-KB/s in 0s
2020-11-08 20:29:57 (13.0 MB/s) - 10.10.116.239/.git/logs/refs/heads/master saved [216/216]
FINISHED --2020-11-08 20:29:57--
```
We find somthing interesting
```
root@kali:~/TryHackMe/Easy/Git Happens/git files/logs# cat HEAD
0000000000000000000000000000000000000000 d0b3578a628889f38c0affb1b75457146a4678e5 root <root@ubuntu.(none)> 1595543975 +0200 clone: from https://hydragyrum:kMhJnM42EHdTN7MXNWeD@gitlab.com/cfe-atc/seccom/git-fail.git
```
But I can't crack the SHA-1 hash
## GitTools
I then came across gittools that may dump from a remote location and then can extract useful information from the files
### Dumper
<img src="https://imgur.com/8pxycEZ.png"/>
### Extractor
<img src="https://imgur.com/eDinwXb.png"/>
Here we can find `index.html`
```
root@kali:~/TryHackMe/Easy/Git/temp/8-395e087334d613d5e423cdf8f7be27196a360459# ls -al
total 28
drwxr-xr-x 3 root root 4096 Nov 8 21:36 .
drwxr-xr-x 11 root root 4096 Nov 8 21:36 ..
-rw-r--r-- 1 root root 241 Nov 8 21:36 commit-meta.txt
drwxr-xr-x 2 root root 4096 Nov 8 21:36 css
-rw-r--r-- 1 root root 677 Nov 8 21:36 dashboard.html
-rw-r--r-- 1 root root 2667 Nov 8 21:36 index.html
-rw-r--r-- 1 root root 54 Nov 8 21:36 README.md
```
And we will get the password
```
<script>
function login() {
let form = document.getElementById("login-form");
console.log(form.elements);
let username = form.elements["username"].value;
let password = form.elements["password"].value;
if (
username === "admin" &&
password === "Th1s_1s_4_L0ng_4nd_S3cur3_P4ssw0rd!"
) {
document.cookie = "login=1";
window.location.href = "/dashboard.html";
} else {
document.getElementById("error").innerHTML =
"INVALID USERNAME OR PASSWORD!";
}
}
</script>
</body>
```
Reference in a new issue View git blame Copy permalink