You can find the room here.
First of all we run nmap and scan for open ports and services. I also tried a directory scan with gobuster, but it can't get a connection to the site; with fuzz all worked fine, so I went forward with that.
When we browse to the .git page we can find a lot of interesting data, so let's use gitdumper to download all of it:
/etc/gitdumper.sh http://VM-IP/.git/
This task can take a few minutes, depending on the servers and your internet connection. I had some problems with the download, not sure if this was the VM or the VPN. I restarted the VM several times, but the result of the first attempts was like this. Just keep trying.
Now we have a lot of data, and much data is awesome. Because we are dealing with git, you can view the commit history:
git log
We can find this:
Now we remember the description of the room on THM… Looks like we are on the right path, let's check this! I used git checkout
Now you can interact with the files. Let's see what we can find…
I tried to get the files with git checkout again, but it didn't work as I expected, so I thought about another way to get the source code. After a while, I found the git extractor tool. This worked pretty well to get the source code. There you can find an index.html with the source code and hardcoded credentials.
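The source stays recoverable even without a working checkout because every committed file version is kept as a zlib-compressed object under .git/objects. The following is an added example, not part of the original writeup or of any tool named in it: a check you can run against your own repository before deployment to find hardcoded credentials in any stored blob. The function names, the regex and the two demo blobs are constructed for illustration, and only loose objects are handled, not packfiles.

```python
import hashlib
import re
import tempfile
import zlib
from pathlib import Path

# Assumed, illustrative pattern; tune the key names for your own code base.
SECRET_RE = re.compile(rb"(?i)(password|passwd|secret|api[_-]?key)\s*[:=]+\s*['\"]([^'\"]{4,})['\"]")

def read_loose_object(path):
    """Return (type, payload) for one loose git object: zlib('<type> <size>\\0<payload>')."""
    raw = zlib.decompress(path.read_bytes())
    header, _, payload = raw.partition(b"\x00")
    obj_type, size = header.split(b" ")
    if int(size) != len(payload):
        raise ValueError(f"size mismatch in {path}")
    return obj_type.decode(), payload

def scan_git_dir(git_dir):
    """Scan every loose blob under git_dir/objects, including old file versions."""
    findings = []
    for path in sorted(Path(git_dir, "objects").glob("[0-9a-f][0-9a-f]/*")):
        try:
            obj_type, payload = read_loose_object(path)
        except (zlib.error, ValueError):
            continue  # truncated or corrupt object, e.g. from an interrupted copy
        if obj_type != "blob":
            continue
        for lineno, line in enumerate(payload.splitlines(), 1):
            if m := SECRET_RE.search(line):
                # Report the key name only, never the secret value itself.
                findings.append((path.parent.name + path.name, lineno, m.group(1).decode()))
    return findings

def build_demo_repo(root):
    """Write two constructed loose blobs: one clean, one with a hardcoded password."""
    blobs = [b"<h1>Welcome</h1>\n",
             b"<script>\nvar user = 'admin';\nvar password = 'constructed-demo-pw';\n</script>\n"]
    for content in blobs:
        store = b"blob %d\x00" % len(content) + content
        oid = hashlib.sha1(store).hexdigest()
        obj = Path(root, "objects", oid[:2], oid[2:])
        obj.parent.mkdir(parents=True, exist_ok=True)
        obj.write_bytes(zlib.compress(store))
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for oid, lineno, key in scan_git_dir(build_demo_repo(tmp)):
            print(f"blob {oid} line {lineno}: hardcoded {key}")
```

A finding in a blob that no current file references means the credential was committed once and later removed from the working tree; it still has to be rotated, and the web server should not serve the .git directory at all.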