Git Happens - THM

Git Happens is an easy-rated box. The flag is gained by downloading the git directory and viewing the source code.

Recon

nmap

Start the box with an nmap scan to identify which services are running on the box, including the version of each service.

# Nmap 7.80 scan initiated Fri Aug 28 11:34:08 2020 as: nmap -sC -sV -Pn -o git.nmap git.thm
Nmap scan report for git.thm (10.10.196.20)
Host is up (0.18s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE VERSION
80/tcp open  http    nginx 1.14.0 (Ubuntu)
| http-git: 
|   10.10.196.20:80/.git/
|     Git repository found!
|_    Repository description: Unnamed repository; edit this file 'description' to name the...
|_http-server-header: nginx/1.14.0 (Ubuntu)
|_http-title: Super Awesome Site!
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Fri Aug 28 11:34:22 2020 -- 1 IP address (1 host up) scanned in 13.38 seconds

From the scan we identified one service running:

  • web

Enumeration

web

Looking at the nmap scan, we see that a git directory is hosted on the web server. Since git is used for version control, we can download the directory and view all the changes.

By following this article we can download the .git directory.

Exploitation

Now that we have downloaded the git directory, we can browse the files from the most recent commit back to the first commit.

To view the history of changes made, we run git log.

The second commit from the bottom initially jumps out, since it comes before all the obfuscation and encryption. This seems like a good starting point.

By running git checkout 395e we can browse the files as they were at that point in time. We then view the index.html file and find the password, which is our flag.

Lessons Learned

Do not expose git directories
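
Why a later "fix" commit does not protect an exposed .git directory, as an added example that is not part of the original write-up: git keeps every historic version of a file as its own object, so an audit of your own repository has to look at the object store, not only the current files. The repository contents, the regular expression and the function names below are constructed for illustration, and only loose (unpacked) objects are handled.

```python
import hashlib, re, tempfile, zlib
from pathlib import Path

# Constructed pattern: flags assignments such as password = "..." in any blob.
SECRET_RE = re.compile(rb"(?i)(password|passwd|secret|api_key)\s*[:=]\s*[\"']([^\"']+)[\"']")

def write_loose_object(git_dir: Path, kind: bytes, body: bytes) -> str:
    """Store one object the way git does: zlib of '<kind> <len>', a NUL byte, then the body."""
    raw = kind + b" " + str(len(body)).encode() + b"\0" + body
    oid = hashlib.sha1(raw).hexdigest()
    path = git_dir / "objects" / oid[:2] / oid[2:]
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_bytes(zlib.compress(raw))
    return oid

def scan_loose_blobs(git_dir: Path):
    """Return (object_id, matched_key) for every loose blob holding a secret-like assignment."""
    findings = []
    # Two-hex-digit fan-out directories only; this skips objects/info and objects/pack.
    for path in sorted((git_dir / "objects").glob("[0-9a-f][0-9a-f]/*")):
        try:
            raw = zlib.decompress(path.read_bytes())
        except zlib.error:
            continue  # not a loose object (corrupt or foreign file)
        header, _, body = raw.partition(b"\0")
        if not header.startswith(b"blob "):
            continue  # only blobs carry file content
        for m in SECRET_RE.finditer(body):
            findings.append((path.parent.name + path.name, m.group(1).decode().lower()))
    return findings

def demo():
    """Constructed repository: the first version of a file hard-codes a password, the second removes it."""
    git_dir = Path(tempfile.mkdtemp()) / ".git"
    old = write_loose_object(git_dir, b"blob", b'let password = "constructed-example";\n')
    new = write_loose_object(git_dir, b"blob", b"let hash = await digest(input);\n")
    return old, new, scan_loose_blobs(git_dir)

if __name__ == "__main__":
    old, new, findings = demo()
    print("blob from the early version is still on disk:", findings)
```

On a real repository most history lives in packfiles, so run git log -p --all over it as well before treating the history as clean.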