THM: Git Happens walkthru

You can find the room here.

First of all we run nmap and scan for open ports and services. I also tried a directory scan with gobuster but it cant get a connection to the side, with fuzz all worked fine so I went there forward.

When we browse to the .git page we can find a lot of interesting data, so lets use gitdumper to download all of it:

/etc/ http://VM-IP/.git/

This task can take a few minutes, depending on the servers and your internet connection. I had some problems with the download, not sure if this was the VM or the VPN. I restarted the VM several times but the result was the first attempts like this. Just keep trying.

Now we have a lot of data, and much data is awesome. Because we are facing git you can view the commit history.

git log

We can find this:

Now we remember the description of the room on THM… Looks like we are on the right path, lets’s check this! I used git checkout

Now you can interact with the files. Lets see what we can find…

I tried to get the files with git checkout again but it doesn’t work as I expected so I thought about another way to get the source code. After a while, I found the git extractor tool. This worked pretty well to get the source code. There you can find an index.html with the source code and hardcoded credentials.

Leave a reply

Your email address will not be published. Required fields are marked *