Attack Defense – DevSecOps

Continuing with the DevOps theme. Today I will be trying out some of the DevSecOps labs that are offered by https://www.attackdefense.com. Follow the blue dots.

Target Discovery

Basic nmap 192.xxx.xxx.2-10 ping scan to identify our target

nmap 192.xxx.xxx.2-10

Target IP:192.xxx.xxx.3

.GIT

Now that we know our target IP. Lets look at the lab objectives:

As the port scan shows us – port 80 is open on our target. So lets focus there. As usual, first step is to look for discovereable content. Lets use DIRB and see if there is any low hanging fruit that could contain a password.

dirb http://192.xxx.xxx.3

Bingo! “.Git” that’s our focus.

Head over to https://github.com/internetwache/GitTools and clone it locally. This is the toolkit we are going to use to complete to rest of the lab. The idea here is to first dump git to our local machine, extract it and look for a password (hopefully left in the repo)

Dumping

./gitdumper.sh 192.125.70.3/.git/ dump

Extracting

./extractor.sh /root/tools/GitTools/Dumper/dump/ extract

Config.php

We have extracted our dump taken from the web server at port 80. Its time to look for potentially sensitive files.

Config.php – Bingo!

Done

Leave a Reply

Your email address will not be published. Required fields are marked *