Git Happens TryHackme

Hello guys back again with another walkthrough this time am going to be doing Git Happens from TryHackMe. The content will be focusing on how git history works. How each commit that a person makes on GitHub can lead to a compromise down the line. We’ll go on how to recover the entire source code of the web application and then take it a step further and try to host the web application locally. Without much say let’s jump in

As always we are going to start off with a nmap scan of the box this will give us really useful information on the services that are running on the box

Looking at the nmap results we see that only one port happens to be open in the top 1000 ports that nmap scans

Looking at the nmap result we see that nmap script http-git was able to identify that the website has a .git folder.

So let’s open the website and we see what we’ll see

Let’s take a look at the git repsoitory

And we get a standard git repository looking at the configs i didn’t find a link that i could use to download the repository from GitHub but didn’t get too lucky so i decided to use gittools from GitHub to clone the repository to my local box

Any time i come across a git folder in a CTF or boot2root kind of machines things that come into my mind are

  1. probably there are credentials lying around that i need to find
  2. The application has a vulnerability and i must analyze the source code to find it then exploit the vulnerability

There are 2 tools that i highly recommend to use to dump any got repository from GitHub that is

  1. GitTools
  2. Git dumper

But for the demo I’ll use GitTools since I’ve come to love it more. Let’s dump the git repository

After the dumping is done we see a file called test has been created

Navigating to the directory we see that it the git folder was successfully downloaded

But what’s odd is that we don’t have the source code of the web application. But git has a way that enables us to view all the commits done to any repository and also the changes that happened to every file in that repository

Doing a git log on the repo we get lots of commits starting from the latest commits and the latest commits talks about obfuscation

But one git looks really interesting since it task about a login page

So i decided to see exactly see the changes that took place at this commit using git diff

And as you see above we get the credentials for the login {which is the flag for the CTF}

But i decided to see if i could retrieve the entire file to my local box. Doing some research i found that by using git reset — hard {commit} we could restrive every file that was in the repo at that particular commit

Let’s try it

Before trying this backup the git repo cause it screws up with the commits

Doing a directory listing again we get all the files

Cool now we have the entire source code if index.html

Now lets host the website on localhost

Next let’s open with Mozilla

And we have a perfect replica of the real site sweet now we have the ability to login to the box

And we are done hope you learnt something. Have a nice time and till next time it’s goodbye

Penetration Tester/Analytical Chemist who Loves Cybersecurity. GitHub(https://github.com/musyoka101), ExploitDB(https://www.exploit-db.com/?author=10517)

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Nginx Fastcgi Reverse Proxy Cache for PHP (Symfony)

GraphQL between Angular and Symfony

Automate Microservice Deployment to AWS ECS Fargate

The inevitable Truth of App development

Step by step guide to deploy Spring Boot Microservices to Kubernetes(k8s)

IAM Patterns

Not 1, but 2 new pools: $CAKE-$GAMBIT + $BTC-$GAMBIT! And… another halving

Reduce Cost and Increase Productivity with Value Added IT Services from buzinessware — {link} -

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Musyoka Ian

Musyoka Ian

Penetration Tester/Analytical Chemist who Loves Cybersecurity. GitHub(https://github.com/musyoka101), ExploitDB(https://www.exploit-db.com/?author=10517)

More from Medium

Learn the basics of Penetration Testing: HTB: Ignition

PortSwigger Lab: Modifying serialized data types | WalkThrough

Permission Master CyberTalents CTF #Linux Essentials