TryHackMe | Committed
Writeup of an easy-rated challenge from TryHackMe
Challenge Description
Oh no, not again! One of our developers accidentally committed some sensitive code to our GitHub repository. Well, at least, that is what they told us… the problem is, we don’t remember what or where! Can you track down what we accidentally committed?
Write-Up
Downloading the files locally:
The files we need are located in /home/ubuntu/commited on the VM attached to this task. Let’s start a Python web server on that VM so we can download the commited.zip file onto our local machine:
```bash
python3 -m http.server <PORT>
```
Now, on our local machine, let’s download the hosted file commited.zip:
```bash
wget http://<MACHINE_IP>:<PORT>/commited.zip
```
Let’s extract the contents of the downloaded commited.zip:
```bash
unzip commited.zip
```
- Now we have access to the Git repository and we can start enumerating it locally.
GitTools - Extractor:
Listing the extracted commited folder shows that it contains a .git directory. With that, we can use the Extractor tool from GitTools to extract every commit from the .git folder. To do so, let’s follow the steps below:
2- cd into the GitTools/Extractor folder and copy the bash script extractor.sh into the directory that contains the commited folder:
3- Run the extractor script:
```bash
./extractor.sh commited/ new_commited/
```
- This command extracts every commit from the commited/.git folder and stores each one in its own sub-folder of new_commited/:
- As you can see, there are 9 commits in total, each represented by a folder that contains some text files.
Flag:
Now, all we need to do is search for the flag, which is most likely in the format flag{}.

Using Grep:
We can run the following command, which recursively searches the new_commited directory (and therefore every extracted commit) for any case-insensitive occurrence of the string flag:
```bash
grep -Ri 'flag' new_commited/
```
Using a loop:
We can use a nested loop to iterate through every file in the directory structure under the new_commited folder.
- This command searches through all the files within the new_commited directory and its subdirectories, looking for lines that contain the pattern {.*}, and displays the matching lines on the terminal.
- As you can guess, this method is useful if we have no prior knowledge of the flag’s format. Of course, we could have done the same thing with grep by running the command:
```bash
grep -RiE '\{.*\}' new_commited/
```
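Since the loop itself only survives as a screenshot, here is the same idea as an added example that is not from the original write-up: a nested loop over the extracted commit folders that reports any brace-delimited token, run against a constructed sample tree standing in for new_commited/ (the names setup_sample, find_flags and count_flags are chosen here, not taken from the challenge).

```bash
#!/usr/bin/env bash
# Added example (not part of the original write-up): a nested-loop search over
# the per-commit folders that GitTools Extractor writes, without assuming the
# flag's format. It reports any line holding a brace-delimited token {...}, so
# a Python dict literal or JSON object shows up too; that noise is the price of
# a format-agnostic search and is worth knowing before you trust the output.

# find_flags DIR: print "file:line:text" for every line containing {...} under DIR
find_flags() {
    local root="$1" commit file
    for commit in "$root"/*/; do                 # one folder per extracted commit
        # inner loop: every regular file in that commit, however deeply nested
        find "$commit" -type f | while IFS= read -r file; do
            # grep exits 1 when a file has no match; that is not an error here
            grep -HnE '\{.*\}' "$file" || true
        done
    done
}

# count_flags DIR: number of matching lines, handy as a quick sanity check
count_flags() {
    find_flags "$1" | wc -l | tr -d ' '
}

# setup_sample: build a constructed stand-in for new_commited/ in a temp dir
# (sample data only, not the real challenge repository) and print its path
setup_sample() {
    local root
    root="$(mktemp -d)"
    mkdir -p "$root/0-aaaa" "$root/1-bbbb" "$root/2-cccc/src"
    printf 'readme\nnothing sensitive here\n' > "$root/0-aaaa/README.md"
    printf 'config = {"debug": true}\n' > "$root/1-bbbb/settings.py"
    printf 'token = "flag{constructed_sample_value}"\n' > "$root/2-cccc/src/notes.txt"
    echo "$root"
}

# Stand-alone run: build the sample tree, search it, clean up
demo_dir="$(setup_sample)"
find_flags "$demo_dir"
rm -rf "$demo_dir"
```

On the constructed tree this prints two lines: the dict literal in settings.py (a false positive) and the flag-shaped token in src/notes.txt, which the one-level grep in the write-up would find as well but which shows why the format-agnostic pattern needs a human eye on its output.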
Using the git-cola tool:
git-cola is an open-source graphical user interface (GUI) for the Git version control system. It provides a more user-friendly and visually appealing interface than the Git command line.
- You can start enumerating the repository using git-cola by following the steps below:
  - Run the command git-cola in a terminal,
  - Click on the New.. button,
  - Select the new_commited folder (the folder that contains the commits extracted using GitTools-Extractor),
  - Click on Open.
- After opening the folder, you can start enumerating each commit, going through each and every file while inspecting the Diff window below, until you find your flag.