Par /

Committed

Platform : TryHackMe
Type : Challenge
Difficulty : ⭐⭐☆☆☆

Table of contents

1 Table of contents
2 Introduction
3 Find the flag
4 Tools used

Introduction

Oh no, not again! One of our developers accidentally committed some sensitive code to our GitHub repository. Well, at least, that is what they told us… the problem is, we don’t remember what or where! Can you track down what we accidentally committed ?

Find the flag

First, let’s download the commited.zip file to our machine (because we will need to download a tool and the target VM doesn’t have internet access). Then we have to extract the zip file commited.zip :

┌──(root㉿kali)-[~]
└─# unzip commited.zip 
Archive:  commited.zip
    creating: commited/
    creating: commited/.git/
    creating: commited/.git/logs/
    creating: commited/.git/logs/refs/
    creating: commited/.git/logs/refs/heads/
<SNIP>

Now, we need to download GitTools :

┌──(root㉿kali)-[~]
└─# wget https://github.com/internetwache/GitTools/releases/download/v0.0.1/gitTools-v0.0.1.zip
--2023-03-14 10:32:26--  https://github.com/internetwache/GitTools/releases/download/v0.0.1/gitTools-v0.0.1.zip
Resolving github.com (github.com)... 140.82.121.3
Connecting to github.com (github.com)|140.82.121.3|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/34182773/9e4a9e00-addd-11eb-93dd-036c3ec56ae9?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20230314%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230314T103157Z&X-Amz-Expires=300&X-Amz-Signature=175959b12a2837be4614527d49ede350b7b164d968e919cf5b1be97b51f0f067&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=34182773&response-content-disposition=attachment%3B%20filename%3DgitTools-v0.0.1.zip&response-content-type=application%2Foctet-stream [following]
--2023-03-14 10:32:27--  https://objects.githubusercontent.com/github-production-release-asset-2e65be/34182773/9e4a9e00-addd-11eb-93dd-036c3ec56ae9?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20230314%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230314T103157Z&X-Amz-Expires=300&X-Amz-Signature=175959b12a2837be4614527d49ede350b7b164d968e919cf5b1be97b51f0f067&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=34182773&response-content-disposition=attachment%3B%20filename%3DgitTools-v0.0.1.zip&response-content-type=application%2Foctet-stream
Resolving objects.githubusercontent.com (objects.githubusercontent.com)... 185.199.109.133, 185.199.110.133, 185.199.111.133, ...
Connecting to objects.githubusercontent.com (objects.githubusercontent.com)|185.199.109.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 219319 (214K) [application/octet-stream]
Saving to: 'gitTools-v0.0.1.zip'

gitTools-v0.0.1.zip               100%[===========================================================>] 214.18K  --.-KB/s    in 0.03s   

2023-03-14 10:32:27 (7.16 MB/s) - 'gitTools-v0.0.1.zip' saved [219319/219319]

┌──(root㉿kali)-[~]
└─# unzip gitTools-v0.0.1.zip -d GitTools
Archive:  gitTools-v0.0.1.zip
    creating: GitTools/.git/
    creating: GitTools/.git/branches/
    creating: GitTools/.git/hooks/
    inflating: GitTools/.git/hooks/applypatch-msg.sample  
    <SNIP>

GitTools is composed of three main tools. The one we need is the Extractor. It can extract commits from a Git repository :

┌──(root㉿kali)-[~]
└─# ./GitTools/Extractor/extractor.sh ./commited ./dump
###########
# Extractor is part of https://github.com/internetwache/GitTools
#
# Developed and maintained by @gehaxelt from @internetwache
#
# Use at your own risk. Usage might be illegal in certain circumstances. 
# Only for educational purposes!
###########
[*] Destination folder does not exist
[*] Creating...
[+] Found commit: c56c470a2a9dfb5cfbd54cd614a9fdb1644412b5
[+] Found file: /root/./dump/0-c56c470a2a9dfb5cfbd54cd614a9fdb1644412b5/Note
[+] Found file: /root/./dump/0-c56c470a2a9dfb5cfbd54cd614a9fdb1644412b5/Readme.md
[+] Found file: /root/./dump/0-c56c470a2a9dfb5cfbd54cd614a9fdb1644412b5/main.py
[+] Found commit: 9ecdc566de145f5c13da74673fa3432773692502
[+] Found file: /root/./dump/1-9ecdc566de145f5c13da74673fa3432773692502/Readme.md
[+] Found file: /root/./dump/1-9ecdc566de145f5c13da74673fa3432773692502/main.py
<SNIP>

Since Git keeps an history of every modifications made to a repository, the flag should be in one of the commits. Using grep, we can easily search for it in every files and sub-directories :

┌──(root㉿kali)-[~/dump]
└─# grep -iR flag
7-3a8cc16f919b8ac43651d68dceacbb28ebb9b625/main.py:    password="flag{<REDACTED>}" # Password Goes Here
7-3a8cc16f919b8ac43651d68dceacbb28ebb9b625/main.py:    password="flag{<REDACTED>}", #password Goes here
7-3a8cc16f919b8ac43651d68dceacbb28ebb9b625/main.py:    password="flag{<REDACTED>}",

Tools used

ToolUsage
GitToolsExtract commits from the Git repository
grepSearch for specific strings in files / sub-directories
Retour en haut