Level Goal
There is a git repository at ssh://bandit30-git@localhost/home/bandit30-git/repo. The password for the user bandit30-git is the same as for the user bandit30.

Clone the repository and find the password for the next level.

Walkthrough
So we have to remake our folder in the tmp directory because it got deleted. $ mkdir /tmp/kadeeli. Its time to clone the repository listed in the exercise. $ git clone ssh://bandit30-git@localhost/home/bandit30-git/repo

Lets see what is in this repository, There is an file README.md. Lets see what is in there $ cat /tmp/kadeeli/repo/README.md.

just an epmty file... muahaha

Okay interesting. We can check the branches with the command git show-branch --all. But there is nothing interesting as far as I can see. By using $ git log we can see the history of commits. But again nothing interesting, just 1 initial commit.

So I where looking in the .git folder for any files since I had read an article earlier with recovering files from a git repository. I found an file with packed-refs that referred with an hash to refs/tags/secret. The secret has to be something. cat .git/packed-refs gave the following output:

# pack-refs with: peeled fully-peeled
3aa4c239f729b07deb99a52f125893e162daac9e refs/remotes/origin/master
f17132340e8ee6c159e0a4a6bc6f80e1da3b1aea refs/tags/secret

So I googled about tags in git.

Tags are ref's that point to specific points in Git history. Tagging is generally used to capture a point in history that is used for a marked version release (i.e. v1.0.1). A tag is like a branch that doesn't change. Unlike branches, tags, after being created, have no further history of commits.

So this means it is like a branch without history in commits. How can I see or go to these? I came up on this Stackoverflow topic. I could use git show-ref --tags -d and git show --name-only .

So lets try $ git show --name-only secret

47e603bb428404d265f59c42920d81e5

there is the password

Leave a Reply

Your email address will not be published. Required fields are marked *