Posts Tryhackme - Committed
Post
Cancel

Tryhackme - Committed


Committed is a beginner level room in Tryhackme. If you know a little bit of Git, this room will be a piece of cake for you.

cover_image

Authortryhackme and cmnatic
DescriptionOne of our developers accidentally committed some sensitive code to our GitHub repository. Well, at least, that is what they told us…

Deploy the VM and let’s Capture the flag.

Task Files


Read the description and download the task files after the machine starts.

task_files

I transferred the committed.zip file from the remote machine to my local machine since I am comfortable using my own machine.


Flag


I unzipped the file and found that it was a git repository.

unzip committed.zip

unziped_files

I only found two files named main.py and the usual Markdown file of a git repository. The first thing I did was using the commit id to look through the previous versions of the repo using the following commands

git log                 # To get all the commit id
git show [commit_id]    # To get the file changes for the respective commit id

commit_id

I couldn’t find anything useful after looking at the previous commits. So, I decided to check if there is any other branch and yes….it was there.

To look for local branches in an git repository use:

git branch

And to change to another branch use:

git checkout [branch_name]

In this case, we’ll be using

git checkout dbint

branch_change

After looking at the log using the git log command I found an interesting git commit message. I got the flag after using the git show [commit_id] command

flag

That’s it for this post. Happy Hacking!!

This post is licensed under CC BY 4.0 by the author.