i take one breath / mint at a time

Bandit LV28-30: finally a familiar exploration: git

#git #gitlog #gittag #gitshow #repo #ssh

Bandit 28: Reverting to an older Git Commit

We have a cloned repo that contains the file README.md. Inside it says:

- username: bandit29
- password: xxxxxxxx

Clearly the password has been removed in our current version of the repo. Git's stated purpose is version control, so it stands to reason that we can easily check whether previous commits exist by viewing `git log`:

```
commit edd935d60906b33f0619605abd1689808ccdd5ee
Author: Morla Porla <morla@overthewire.org>
Date:   Thu May 7 20:14:49 2020 +0200

    fix info leak

commit c086d11a00c0648d095d04c089786efef5e01264
Author: Morla Porla <morla@overthewire.org>
Date:   Thu May 7 20:14:49 2020 +0200

    add missing data

commit de2ebe2d5fd1598cd547f4d56247e053be3fdc38
Author: Ben Dover <noone@overthewire.org>
Date:   Thu May 7 20:14:49 2020 +0200

    initial commit of README.md
```

So I decided to try to reverse back to initial commit using `git reset --hard HEAD~1`

Received the result: `HEAD is now at c086d11 add missing data`

Checked my README.md file and voilà! Ze password iz mine!!

Bandit 29

Same as previous bandit. We are given a repo and inside the README.md are the following credentials:

I started poking around the `.git` directory and found this in `ORIG_HEAD` that looks interesting:

208f463b5b3992906eabf23c562eda3277fea912

Since it looks like a git commit hash, I tried reverting to it and found nothing. Then I noticed that the `packed-refs` file also contained some git commit hashes:

```
# pack-refs with: peeled fully-peeled
bc833286fca18a3948aec989f7025e23ffc16c07 refs/remotes/origin/dev
208f463b5b3992906eabf23c562eda3277fea912 refs/remotes/origin/master
786d5bea2bd2dcbed2c8896a310c3c5306bc713c refs/remotes/origin/sploits-dev
```

Another way I could have accessed this info would be using the `git show-ref` command to check for all git references in the local repo.

I then reset git to `/origin/dev`, checked the `README`, and yes! Password found!

```
git reset --hard bc833286fca18a3948aec989f7025e23ffc16c07
HEAD is now at bc83328 add data needed for development
```

Bandit LV30: Searching an “empty” repo for clues

#git #gitlog #gitshow

Similar to the last two levels, we are given a repo, only this time it's EMPTY save for the README.md that just has this hilarious message: `just an epmty file... muahaha` < MIS-SPELLED AND ALL! I laughed.

Then I tried the usual suspects:

`git log` gives us just the initial commit of README.md — not helpful:

```
commit 3aefa229469b7ba1cc08203e5d8fa299354c496b
Author: Ben Dover <noone@overthewire.org>
Date:   Thu May 7 20:14:54 2020 +0200

    initial commit of README.md
```

I tried `git show`, which describes the HEAD commit by default:

```
commit 3aefa229469b7ba1cc08203e5d8fa299354c496b
Author: Ben Dover <noone@overthewire.org>
Date:   Thu May 7 20:14:54 2020 +0200

    initial commit of README.md

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..029ba42
--- /dev/null
+++ b/README.md
@@ -0,0 +1 @@
```

This does look like there was a new README.md file created, the useless one. Not sure how helpful this is?

Decided to poke around the repo references again: `less ./.git/packed-refs`

```
# pack-refs with: peeled fully-peeled
3aefa229469b7ba1cc08203e5d8fa299354c496b refs/remotes/origin/master
f17132340e8ee6c159e0a4a6bc6f80e1da3b1aea refs/tags/secret
```

This `secret` tag is interesting. Git tags are reference points to a specific moment in git history and store data about that point. A tag can be inspected with the command syntax `git show <tag>`.

So I tried `git show f17132340e8ee6c159e0a4a6bc6f80e1da3b1aea`

And the password to move onwards appeared!
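
As an added example (not part of the original write-up or of OverTheWire's material), the Python sketch below parses the `packed-refs` contents shown for levels 29 and 30 and lists every ref that does not point at the checked-out commit, which is where the leftover passwords sat in both levels. The function names are hypothetical, and it only reads `packed-refs`: loose refs under `.git/refs/` and commit ancestry are out of scope.

```python
import re

# packed-refs contents exactly as shown on this page (levels 29 and 30).
LEVEL29 = """\
# pack-refs with: peeled fully-peeled
bc833286fca18a3948aec989f7025e23ffc16c07 refs/remotes/origin/dev
208f463b5b3992906eabf23c562eda3277fea912 refs/remotes/origin/master
786d5bea2bd2dcbed2c8896a310c3c5306bc713c refs/remotes/origin/sploits-dev
"""
LEVEL30 = """\
# pack-refs with: peeled fully-peeled
3aefa229469b7ba1cc08203e5d8fa299354c496b refs/remotes/origin/master
f17132340e8ee6c159e0a4a6bc6f80e1da3b1aea refs/tags/secret
"""
REF_LINE = re.compile(r"^([0-9a-f]{40}) (refs/\S+)$")


def parse_packed_refs(text):
    """Map each ref name to its target and (for annotated tags) peeled hash."""
    refs, last = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):  # header comment or blank line
            continue
        if line.startswith("^"):  # peeled commit of the annotated tag just above
            if last is None:
                raise ValueError("peeled line without a preceding ref")
            refs[last]["peeled"] = line[1:]
            continue
        m = REF_LINE.match(line)
        if m is None:
            raise ValueError(f"malformed packed-refs line: {line!r}")
        last = m.group(2)
        refs[last] = {"target": m.group(1), "peeled": None}
    return refs


def refs_off_head(text, head_sha):
    """Refs that do not point at the checked-out commit: candidates for
    review, because the working tree at HEAD does not show their content."""
    return [(name, r["target"])
            for name, r in sorted(parse_packed_refs(text).items())
            if head_sha not in (r["target"], r["peeled"])]


if __name__ == "__main__":
    head = "3aefa229469b7ba1cc08203e5d8fa299354c496b"  # level 30 HEAD from `git log`
    for name, sha in refs_off_head(LEVEL30, head):
        print(sha, name)
```

Anyone auditing a repository before publishing it can run the same check and then inspect each listed ref with `git show`, since a commit such as "fix info leak" only changes the tip of one branch.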