Committed is a beginner level room in Tryhackme. If you know a little bit of Git, this room will be a piece of cake for you.
Author | tryhackme and cmnatic |
Description | One of our developers accidentally committed some sensitive code to our GitHub repository. Well, at least, that is what they told us… |
Deploy the VM and let’s Capture the flag.
Task Files
Read the description and download the task files after the machine starts.
I transferred the committed.zip file from the remote machine to my local machine since I am comfortable using my own machine.
Flag
I unzipped the file and found that it was a git repository.
unzip committed.zip
I only found two files named main.py and the usual Markdown file of a git repository. The first thing I did was using the commit id to look through the previous versions of the repo using the following commands
git log # To get all the commit id git show [commit_id] # To get the file changes for the respective commit id
I couldn’t find anything useful after looking at the previous commits. So, I decided to check if there is any other branch and yes….it was there.
To look for local branches in an git repository use:
git branch
And to change to another branch use:
git checkout [branch_name]
In this case, we’ll be using
git checkout dbint
After looking at the log using the git log
command I found an interesting git commit message. I got the flag after using the git show [commit_id]
command
That’s it for this post. Happy Hacking!!