4.12. Web info disclosure: version control (git) (Web Security Academy)


This lab discloses sensitive information via its version control history. To solve the lab, obtain the password for the administrator user then log in and delete the user carlos.

The task here is to find the admin's password and then delete the user carlos.

In short, this command runs the FeroxBuster tool to discover paths and files at the specified location, using the specified wordlist.

Indeed, it has brought out some important paths for me here:

When you open this directory, you will find the following:

When I searched here I found the following:

These two lines are commit messages: they describe changes made during development and recorded in a version control system, in this case Git. Let me explain:

“commit (initial): Add skeleton admin panel”:

“commit”: a Git term for recording a specific set of changes to files in a Git repository.

“(initial)”: indicates that this entry relates to the first, basic changes to the project.

“Add skeleton admin panel”: a description of the changes made, whereby a skeleton (template) of the admin panel interface was added to the project.

“Remove admin password from config”:

This entry indicates another change made to the project.

It appears that the admin password was removed from the config file, probably for security reasons, to avoid keeping a sensitive password in a public file. Removing a value in a later commit, however, does not remove it from the repository history: the earlier commit still contains it, which is why such a password must be changed, not merely deleted.

But do not forget, our mission is to find the password for the admin, so:
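As an added example (not code from the original post or from PortSwigger), here is the check a developer would run over their own repository's `git show` output before publishing it: it parses the diff and flags removed lines that look like credentials, since a secret deleted in a later commit is still recoverable from the history. The sample commit, file name and placeholder value are constructed, and the key-name list is a hypothetical short one.

```python
import re

# Constructed sample of `git show` output for a commit whose message says a
# password was removed from a config file (placeholder value, not the lab's).
SAMPLE_COMMIT = """\
commit 0123456789abcdef0123456789abcdef01234567
Author: dev <dev@example.invalid>

    Remove admin password from config

diff --git a/admin.conf b/admin.conf
--- a/admin.conf
+++ b/admin.conf
@@ -1,3 +1,2 @@
 ADMIN_USER=administrator
-ADMIN_PASSWORD=placeholder-secret-value
 DEBUG=false
"""

# Key names that usually precede a credential (a short, hypothetical list;
# a real scanner such as gitleaks ships many more rules).
SECRET_RE = re.compile(r"(?i)(pass(word)?|pwd|secret|token|api[_-]?key)\s*[:=]\s*\S+")


def find_removed_secrets(show_output):
    """Return (file, old line number, text) for each removed diff line that
    looks like a credential. A value deleted in a later commit still sits in
    the history, so a hit means 'rotate this secret', not 'already gone'."""
    findings, current_file, old_line = [], None, 0
    for line in show_output.splitlines():
        if line.startswith("--- a/"):       # old-file header names the file
            current_file = line[6:]
        elif line.startswith("@@"):         # hunk header: reset old-file counter
            m = re.match(r"@@ -(\d+)", line)
            old_line = int(m.group(1)) - 1 if m else 0
        elif line.startswith("+"):          # added lines are not in the old file
            continue
        elif line.startswith("-"):          # removed line: the interesting case
            old_line += 1
            if SECRET_RE.search(line[1:]):
                findings.append((current_file, old_line, line[1:]))
        elif current_file is not None and line.startswith(" "):
            old_line += 1                   # unchanged context line
    return findings


if __name__ == "__main__":
    for path, num, text in find_removed_secrets(SAMPLE_COMMIT):
        print(f"{path}:{num}: removed but still in history -> {text}")
```

Run it against `git show <commit>` or `git log -p` output for your own repository; any finding means the credential has to be rotated before the repository (or its .git directory) can be considered safe to expose.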

This command uses the wget tool to download (retrieve) the content of the .git folder from the specified website. Let's explain it:

wget: a Linux command-line tool used to download files from the web.

-r: the “recursive” option; it tells wget to follow the links on the target page and download everything they point to.

https://0a5b00af03d5a8af805d3fcf00a600ea.web-security-academy.net/.git/: the URL of the .git folder on the target website. The .git folder is the Git version control system's own directory; it contains the full history of changes and related data for the project. Recursive download only works here because the server serves a listing of /.git/; a properly configured web server refuses to serve that directory at all.

In short, this command uses wget to download the content of the .git folder from the specified website, giving the user access to all version data and changes in the project, which is exactly what we want, so we don't see

Now we will open the downloaded folder:

We will restore the commit:

Of course yes:

It shows what the admin had already changed:

Now that we have obtained the password, we will enter the admin panel:

Logged in:

We will delete the carlos user:

Yes, we succeeded this time too.

Congratulations, you solved the lab!

See you soon in other reports!

Abdelwahab_Shandy

AS_Cyber