You can find the room here.
First of all we run nmap and scan for open ports and services. I also tried a directory scan with gobuster but it cant get a connection to the side, with fuzz all worked fine so I went there forward.
![](https://web-wilke.de/wp-content/uploads/2022/06/image.png)
![](https://web-wilke.de/wp-content/uploads/2022/06/image-1.png)
When we browse to the .git page we can find a lot of interesting data, so lets use gitdumper to download all of it:
![](https://web-wilke.de/wp-content/uploads/2022/06/image-2.png)
/etc/gitdumper.sh http://VM-IP/.git/
![](https://web-wilke.de/wp-content/uploads/2022/06/image-4.png)
This task can take a few minutes, depending on the servers and your internet connection. I had some problems with the download, not sure if this was the VM or the VPN. I restarted the VM several times but the result was the first attempts like this. Just keep trying.
Now we have a lot of data, and much data is awesome. Because we are facing git you can view the commit history.
git log
We can find this:
![](https://web-wilke.de/wp-content/uploads/2022/06/image-5.png)
Now we remember the description of the room on THM… Looks like we are on the right path, lets’s check this! I used git checkout
![](https://web-wilke.de/wp-content/uploads/2022/06/image-7.png)
Now you can interact with the files. Lets see what we can find…
![](https://web-wilke.de/wp-content/uploads/2022/06/image-8.png)
I tried to get the files with git checkout again but it doesn’t work as I expected so I thought about another way to get the source code. After a while, I found the git extractor tool. This worked pretty well to get the source code. There you can find an index.html with the source code and hardcoded credentials.