Free AI web copilot to create summaries, insights and extended knowledge, download it at here

2550

Abstract

ster) Author: SherlockSec <[email protected]> Date: Fri May 31 14:16:43 2019 +0100</pre></div><div id="7300"><pre>Added some whitespace for readability!</pre></div><div id="6bee"><pre>commit 47241a47f62ada864ec74bd6dedc4d33f4374699 Author: SherlockSec <[email protected]> Date: Fri May 31 12:00:54 2019 +0100</pre></div><div id="d023"><pre>Thanks to contributors, I removed the unique token as it was a security risk. Thanks for reporting responsibly!</pre></div><div id="f9b2"><pre>commit ddc606f8fa05c363ea4de20f31834e97dd527381 Author: SherlockSec <[email protected]> Date: Fri May 31 09:14:04 2019 +0100</pre></div><div id="9d67"><pre>Added some more comments for the lovely contributors! Thanks for helping out!</pre></div><div id="9590"><pre>commit 335d6cfe3cdc25b89cae81c50ffb957b86bf5a4a Author: SherlockSec <[email protected]> Date: Thu May 30 22:16:02 2019 +0100</pre></div><div id="4724"><pre>Moving <span c

Options

lass="hljs-built_in">to Git, first time using it. First Commit!</pre></div>We see that in the commit message a token was supposedly removed.<ul><li>Let’s review each commit</li></ul><div id="9b62"><pre>> git log -p -2 </pre></div><div id="a755"><pre>commit 47241a47f62ada864ec74bd6dedc4d33f4374699 Author: SherlockSec <[email protected]> Date: Fri May 31 12:00:54 2019 +0100</pre></div><div id="77e6"><pre>Thanks to contributors, I removed the unique token as it was a security risk. Thanks for reporting responsibly!</pre></div><div id="76ff"><pre>diff --git a/config.json b/config.json index 316dc21..6735aa6 100644 --- a/config.json +++ b/config.json @@ -1,6 +1,6 @@ {

- "token": "SFRCe3YzcnNpMG5fYzBudHIwbF9hbV9JX3JpZ2h0P30=", + "token": "Replace me with token when in use! Security Risk!", "prefix": "~", "lightNum": "1337", "username": "UmVkIEhlcnJpbmcsIHJlYWQgdGhlIEpTIGNhcmVmdWxseQ==", (END)</pre></div>And the token decoded from base64 remains:<div id="07d7"><pre>echo "SFRCe3YzcnNpMG5fYzBudHIwbF9hbV9JX3JpZ2h0P30="|base64 -d</pre></div><div id="bae7"><pre>HTB{v3rsi0n_c0ntr0l_am_I_right?}</pre></div>That would be all.</article></body>

How to solve Illumination (Forensics)[HTB]

Step by step on how to solve this Forensics challenge

After downloading the zip file and unzipping it, we are left with the following structure:

> tree -a -L 2
.
├── bot.js
├── config.json
└── .git
 ├── COMMIT_EDITMSG
 ├── config
 ├── description
 ├── HEAD
 ├── hooks
 ├── index
 ├── info
 ├── logs
 ├── objects
 ├── ORIG_HEAD
 └── refs

6 directories, 8 files

If we see the config.json file:

> cat config.json 
{"token": "Replace me with token when in use! Security Risk!",
 "prefix": "~",
 "lightNum": "1337",
 "username": "UmVkIEhlcnJpbmcsIHJlYWQgdGhlIEpTIGNhcmVmdWxseQ==",
 "host": "127.0.0.1"
}

The username says Red Herring, read the JS carefully. Red Herring means this: a clue or piece of information which is or is intended to be misleading or distracting.

So, we will ignore the Red Herring thing.

Since we looked at a .git folder and the problem statement tells us something about using a new CVS, we can think of the typical git (and github) problem where some people push credentials to their repositories. Then they delete them but they don’t delete them from the history.

Let’s pull out our best git commands:

* Let’s check the commit history

> git log 
commit edc5aabf933f6bb161ceca6cf7d0d2160ce333ec (HEAD -> master)
Author: SherlockSec <[email protected]>
Date:   Fri May 31 14:16:43 2019 +0100

Added some whitespace for readability!

commit 47241a47f62ada864ec74bd6dedc4d33f4374699
Author: SherlockSec <[email protected]>
Date:   Fri May 31 12:00:54 2019 +0100

Thanks to contributors, I removed the unique token as it was a security risk. Thanks for reporting responsibly!

commit ddc606f8fa05c363ea4de20f31834e97dd527381
Author: SherlockSec <[email protected]>
Date:   Fri May 31 09:14:04 2019 +0100

Added some more comments for the lovely contributors! Thanks for helping out!

commit 335d6cfe3cdc25b89cae81c50ffb957b86bf5a4a
Author: SherlockSec <[email protected]>
Date:   Thu May 30 22:16:02 2019 +0100

Moving to Git, first time using it. First Commit!

We see that in the commit message a token was supposedly removed.

Let’s review each commit

> git log -p -2

commit 47241a47f62ada864ec74bd6dedc4d33f4374699
Author: SherlockSec <[email protected]>
Date:   Fri May 31 12:00:54 2019 +0100

Thanks to contributors, I removed the unique token as it was a security risk. Thanks for reporting responsibly!

diff --git a/config.json b/config.json
index 316dc21..6735aa6 100644
--- a/config.json
+++ b/config.json
@@ -1,6 +1,6 @@
 {
 
-       "token": "SFRCe3YzcnNpMG5fYzBudHIwbF9hbV9JX3JpZ2h0P30=",
+       "token": "Replace me with token when in use! Security Risk!",
        "prefix": "~",
        "lightNum": "1337",
        "username": "UmVkIEhlcnJpbmcsIHJlYWQgdGhlIEpTIGNhcmVmdWxseQ==",
(END)

And the token decoded from base64 remains:

echo "SFRCe3YzcnNpMG5fYzBudHIwbF9hbV9JX3JpZ2h0P30="|base64 -d

HTB{v3rsi0n_c0ntr0l_am_I_right?}

That would be all.