Info Sharing Blog

Tuesday, August 25, 2020

THM Walkthrough : Git Happens

August 25, 2020 Posted by jaacostan
THM Room : Git Happens

Perform a Directory scan. Here i used Gobuster.
Git directory found. Same you can find using the nmap scan.
If you browse the address, you can see the login page. finding the credential is the goal of this room. If you go through the page source, you can find some javascript. You can try to decode to find something relevant.
You can also browse through the site pages to find hints. However i couldn't find anything relevant. I found some logs though.
I used gitdumper.sh script to dump all the items to my local machine. Link (https://raw.githubusercontent.com/internetwache/GitTools/master/Dumper/gitdumper.sh)
 Checkout
Go through the logs to find the commit history (reference : https://git-scm.com/book/en/v2/Git-Basics-Viewing-the-Commit-History)
Based on the hint/statement, look for the commit entry made by Boss and checkout.
Check out again using the new entry. And go through the index.html file.
You can find the credentials in the index.html file. The password is the flag.