Continuing with the DevOps theme. Today I will be trying out some of the DevSecOps labs that are offered by https://www.attackdefense.com. Follow the blue dots.
A basic nmap ping scan of 192.xxx.xxx.2-10 to identify our target.
Now that we know our target IP, let's look at the lab objectives:
As the port scan shows, port 80 is open on our target, so let's focus there. As usual, the first step is to look for discoverable content. Let's use DIRB and see if there is any low-hanging fruit that could contain a password.
Bingo! “.git” is our focus.
Head over to https://github.com/internetwache/GitTools and clone it locally. This is the toolkit we are going to use to complete the rest of the lab. The idea here is to first dump the Git repository to our local machine, extract it, and look for a password (hopefully left in the repo).
We have extracted the dump taken from the web server on port 80. It's time to look for potentially sensitive files.
Config.php – Bingo!
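The same finding seen from the deployment side, as an added example that is not part of the original lab or of GitTools: a pre-deploy check that walks a directory about to be served and reports any `.git` directory in it, plus PHP lines that assign a literal to a credential-like name. The function names, the regex heuristic and the sample web root are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Heuristic (assumption): a PHP variable or define() whose name looks like a
# credential and whose value is a non-empty string literal.
NAME = r"\w*(?:pass(?:word|wd)?|secret|api_?key|token)\w*"
SECRET_RE = re.compile(
    r"(?:\$" + NAME + r"\s*=\s*|define\(\s*['\"]" + NAME + r"['\"]\s*,\s*)"
    r"(['\"])[^'\"]+\1",
    re.IGNORECASE,
)

def audit_webroot(root):
    """Return (git_dirs, secret_hits) for a directory that will be served."""
    git_dirs, hits = [], []
    for dirpath, dirnames, filenames in os.walk(root):
        if ".git" in dirnames:
            git_dirs.append(os.path.relpath(os.path.join(dirpath, ".git"), root))
            dirnames.remove(".git")  # do not descend into the object store
        for name in filenames:
            if not name.lower().endswith((".php", ".inc")):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                for lineno, line in enumerate(fh, 1):
                    if SECRET_RE.search(line):
                        # Report location only, never the value itself.
                        hits.append((os.path.relpath(path, root), lineno))
    return git_dirs, hits

def build_sample_webroot(root):
    """Constructed sample: a web root deployed by copying a git working tree."""
    os.makedirs(os.path.join(root, ".git"))
    with open(os.path.join(root, ".git", "HEAD"), "w") as fh:
        fh.write("ref: refs/heads/master\n")
    with open(os.path.join(root, "Config.php"), "w") as fh:
        fh.write("<?php\n$db_user = 'app';\n$db_password = 'constructed-example';\n")
    with open(os.path.join(root, "index.php"), "w") as fh:
        fh.write("<?php echo 'hello';\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        git_dirs, hits = audit_webroot(build_sample_webroot(tmp))
        for d in git_dirs:
            print(f"FAIL: {d} is inside the web root")
        for path, lineno in hits:
            print(f"FAIL: credential-like literal at {path}:{lineno}")
```

A credential flagged in a tracked file also lives in the repository history, so deleting the file from the working tree is not enough; the value has to be rotated.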