Git Happens — TryHackMe — Writeup

Hello. I’m Rahmos. Here is my Git Happens — TryHackMe — Writeup. Check it out!

First, deploy the machine and nmap for opened ports:

nmap -A -T4 -p- -v <ip>

nmap

Well there is only a webserver at port 80 opened. So let’s access the website.

website

It’s a login page. Now check the page source (Ctrl+ U)

page source

Here’s a const variable, maybe it’s a script? Just leave it there for now. Let’s scan for hidden dirs using gobuster:

gobuster dir -u <ip>:80 -w /path-to-wordlist

gobuster

A hidden folder called ./git/HEAD is present, so access it.

***From now, you can use gitdumper from GitTools: https://github.com/internetwache/GitTools to download the leaked git repo. But if you want to understand what HEAD, master,.. is, continue reading:

HEAD

It’s the HEAD for git. What is HEAD for git?

What is HEAD?

Let’s read content of this HEAD:

HEAD

So, now you know the reference to the current branch, which is master branch. Which means, you can get the source code from this master branch! Let’s download the master file from browser:

master

The “master” file will point you to the corresponding object hash that stores the directory tree of the commit. You can use git-dumper to dump that leaked git repo: https://github.com/internetwache/GitTools

First, make a empty folder:

mkdir empty

Next, use git-dumper shell to dump the git repo to that empty folder:

./gitdumper.sh http://<target-ip>/.git/ empty

Now cd to that “empty” folder:

The “.git” folder will contain your download from gitdumper

Now cd .git and git log -p to see all commit history. Scroll down until you see something interesting:

commit history

Now get the password. It’s your flag!