Hello everyone, my name is John Hammond and welcome back to the YouTube video, and we're looking at some more TryHackMe. This room is called Git Happens. It just released a little bit ago and it's kind of fun. It's kind of neat. It's a very, very quick and short room, but I do want to showcase it because, hey, I'm loving a lot of this stuff lately. So this is called Git Happens: "Boss wants me to create a prototype, so here it is. We even use something called version control that made deploying this really easy."

So I have spun up the machine and I have the IP address ready to go here. Let me fire up a terminal and I will hop over to my TryHackMe directory, make a directory for YouTube, Git Happens, and let's hop over to that. I will go ahead and start off with an nmap scan as I always do, but I'm actually gonna end up using RustScan, so I don't need that nmap directory. So I've found RustScan and I love it and I think it's really, really cool. It's super fast and it's great. I've been chatting with B, so thank you for this incredible tool, and I see you're getting a lot of love in the community already, so I hope it stays well for you. So I will run RustScan, tack b to specify batch size, I'll use 500 here, and it looks like it already found a port 80 open. So we can go ahead and tinker with that over on the web page here.

Okay, it looks like we have a login page and we could go through our usual enumeration: check out robots.txt, maybe run Nikto, maybe run DirBuster.
There's plenty of things we could do, but considering this challenge is called Git Happens, I have a feeling we might have a .git repository present on this web page. It looks like we do. So if you find a public-facing git repository that is available on a web page, you should totally download it. I end up doing this with GitTools, which is actually a repository full of tools by internetwache, I think, and you've probably seen me showcase this in some other videos, but I do want to harp on this one more time because it works great. I've gone ahead and cloned it in my /opt directory, so I would just go ahead and up if you want to do that. Anyway, hop over to where you want to put the tool and simply git clone it to grab all those.

So inside of that directory you do have GitTools, tab complete to see what's in there. We have a Dumper utility, and if you use Dumper you have gitdumper.sh. So gitdumper.sh needs to have a destination directory as to where it's gonna actually have this location, but it also needs to have where it's getting this git repository. So include the link, HTTP, your target, .git, make sure you include that in your argument. So I will run gitdumper.sh and I'll paste in up to that slash and .git prefix, and I'll just call a directory that I want to create git, and then we'll go ahead and it'll download all of these git repository objects, all the blobs, all the commits, everything that would be present in that git repository. This takes a little bit of time.
So I'm gonna pause and let this go.

Okay, now that that has finished downloading, I should have a git directory present here, and I do. So I can hop on over to that directory and I can see what would have been the files present in this git directory. When I run just ls, looks like I don't have anything there, but keep in mind that .git directory has that dot prefix, so it's a hidden directory or hidden file. I could actually do things like run git log and interact with this the same way I would if I were in a regular GitHub repository that I had created, because we just downloaded the whole thing and now the git command line tool and program knows to operate within that context of everything here. So I could look through here and see some of the peculiar git messages here. If I'm scrolling up or down and going all the way down to the very, very bottom, I can see their initial commit and the login page commit that they've included, the source code obfuscation, some stuff that they're doing here, et cetera, et cetera, et cetera.

So when I have a publicly accessible git repository that I've been able to download and look through, what I end up doing to actually look for new files or see kind of the beginnings of this project and how it was all created: I actually take that git log output and then I go ahead and grep for just the commit message line, so the ones that will include the commit notification and the little SHA ID that is pertinent and specific to that individual commit. What I'll end up doing is I'll cut out, by using cut and tack d to specify the delimiter, and a space is my delimiter, and I'll just simply cut and grab that second field. So I have all of these git IDs, right? And then what I'll do is I'll end up using something simple like xargs, and I'll go ahead and run git show. xargs will kind of take the input or everything that it's going to end up reading line by line and kind of use that as the final argument to this next command here. So xargs will take all of this and just funnel it into git show, and that way I can actually look at these individual commits. I could see all the files that they're going ahead and adding or including in here, and I can keep scrolling down and down and see all the way to the very, very beginning of this project, or get to that very, very last, or first in this case, initial commit.

So if I kind of scroll up now, I can see the very, very basic first primitive page that they created. You can see this index.html, and it looks like it's this super awesome site, the same thing we were interacting with in our web browser, and of course the login page that we see in HTML. We could specify taking a look at the form that they're going to look at. What they do is they have a login button and it will end up running a login function as that form is submitted, and interestingly enough they do all this handling in JavaScript, so we can see that very, very clearly on the client side. They end up just grabbing the values out of the form and testing if the username is equal to admin and this is a long and secure password, then even in that first iteration, that's what we'll go ahead and authenticate. They use a document cookie to specify whether or not someone is logged in, so you could finagle that to do a little authentication bypass if you wanted to, but the interesting stuff here that we want is just this password. And that would bring us to dashboard.html. So this is what we could end up using. But if you look through here, you can see all the different iterations of how they were developing this web page, right?
They mentioned that this and in the git commit messages, you could see that, okay, now we're going to do some obscurity or going to kind of obfuscate what this password might be, or they'll end up hashing it with SHA-512 or whatever. But since we have all of the history here and we can kind of determine what it originally was, what the first initial rendition of this project was, and we're tracking that all with version control with git, maybe we can find out some more interesting information and data. Anyway, the gist of it all is that git dumper script that's found and available on GitTools and the internetwache, sure, I might be mispronouncing that, I'm sorry.

But all we would do once we had that password: you could log in with admin and the super secure password in leet speak, we could go ahead and log in. This page might not be letting me, doing some weird JavaScript things earlier, or my connection has just died. Classic. Yeah, that's gone. Well, regardless, once you log into this page, you might have actually seen it in our scrolling, you will get returned to another location that says "Awesome, go ahead and use the password that you found as the flag," and that is all that this room actually asks of you. It says "Can you find the password of the application?" and that's it. You'll submit that and then you are done with this room.

So again, very, very quick, very, very simple room, but maybe a little bit of good learning lesson if you haven't seen GitTools or git dumper before, and you'll know how to respond when you find a public-facing git repository out on the internet. You often see that maybe sometimes in capture the flag, maybe you could see that in the pen test. If you find that in a bug bounty, hey, that's probably gonna be huge, but I just want to make sure you kind of know what to do with it when you see it. Thanks for watching, everybody. I hope you enjoyed this video. I love you. I'll see you in the next one. Take care.