Prompt
One of our employees' computers was compromised and we saw this backup file leave the network, but we couldn't find anything other than a simple README.md file in it. Help us find out what information the hackers got.
Walk-Through
This challenge involves the git version control system. Once you’ve downloaded the git_backup.zip file, you can extract it using your favorite tool. On Linux, you can use the command-line utility unzip like this:
unzip git_backup.zip
Once unzipped and inside the git_backup directory, you can see that there is only 1 file named README.md in the directory and that this file does not contain particularly interesting content. However, if we use the -a flag on the ls command to show all files and directories, we can see that there is more to this directory than we originally thought.
The presence of the .git directory means that this is a git repository and we can leverage the git command to view and extract information.
If you’re not familiar with the git system or the git command, you can check out GitHub’s Resources to learn Git page.
One of the first things we can do is check the git log to see which commits have been made to the repository and which users are active on it.
git log
Here, we immediately see 3 separate commits made by a “Greg Peterson” along with Greg’s email address listed as the author of these commits. Each commit in git is referenced by its commit hash, which is a SHA1 hash.
Once we have these commits, we can inspect the changes that were made in each of them by using the git show command. For example, if we wanted to check out the commit with the message “Backing up data”, we can use the following command:
git show 438fa54ba62144ad84376635d957e5e73d89066e
where the SHA1 hash above is the commit hash used to reference that particular commit.
In the output of git show, we can see that a flag was added in that particular commit. You may find that the flag was subsequently removed in the next commit.
After you inspect the remaining commits, you may find that there are no more files or information of interest. At this point, we should start looking at other ways that git can store revision information. Git has a system of “branches” to logically split out different parts of a particular repository. To find out what other branches are available, simply execute the following command:
git branch
The output here shows that we are currently on the “master” branch and that a “next” branch exists for us to take a look at as well.
To switch over to the “next” branch, simply execute the following command:
git checkout next
The output will confirm that you’ve successfully switched branches. From here, you can use the same techniques we discussed above to navigate around the directory or inspect previous commits to identify any files of interest. In this scenario, we find that a passwords.txt file exists in the “next” branch. This file contains the answers to the last two questions.
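The same review can be done without checking out each branch by hand. The script below is an added example, not part of the original walk-through: it audits every ref of a repository at once. The function names and the sample repository (its email address, flag string and passwords.txt contents) are constructed for illustration; only the branch names “master” and “next” and the commit message “Backing up data” mirror the challenge.

```shell
#!/bin/sh
# Added example: review everything a leaked .git directory exposes.

# Build a small constructed repository shaped like the one in the challenge.
make_sample_repo() {
    repo=$(mktemp -d) || return 1
    g() { git -C "$repo" -c user.name="Sample User" \
              -c user.email="user@example.invalid" "$@"; }
    git init -q "$repo"
    g symbolic-ref HEAD refs/heads/master      # same branch name on any git version
    echo "backup" > "$repo/README.md"
    g add README.md; g commit -q -m "Initial commit"
    echo "FLAG-constructed-0000" >> "$repo/README.md"   # constructed secret
    g commit -q -am "Backing up data"
    echo "backup" > "$repo/README.md"                   # removed again
    g commit -q -am "Remove data"
    g checkout -q -b next
    echo "example-service: not-a-real-password" > "$repo/passwords.txt"
    g add passwords.txt; g commit -q -m "Add notes"
    g checkout -q master
    echo "$repo"
}

# Every local branch, one per line (what "git branch" shows, script-friendly).
all_branches() {
    git -C "$1" for-each-ref --format='%(refname:short)' refs/heads
}

# Paths committed on any ref that are absent from the checked-out tree.
history_only_paths() {
    all=$(git -C "$1" log --all --pretty=format: --name-only | sed '/^$/d' | sort -u)
    head=$(git -C "$1" ls-tree -r --name-only HEAD)
    printf '%s\n' "$all" | grep -vxF -e "$head" || true
}

# Commits on any ref that added or removed the given string (git "pickaxe").
commits_touching() {
    git -C "$1" log --all --format='%h %s' -S"$2"
}

# Demo run against the constructed repository.
demo=$(make_sample_repo) && all_branches "$demo" && history_only_paths "$demo" \
    && commits_touching "$demo" "FLAG-constructed-0000"
```

A string that was committed and later deleted still shows up in commits_touching, and a file that only exists on another branch shows up in history_only_paths, which is why deleting a secret in a follow-up commit does not remove it from a repository backup.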
Questions
What is the email address of the employee who was compromised?
Each employee is assigned a flag. What is the flag that was compromised?
Greg thinks that he may have had additional account credentials that were compromised. What's the name of the service provider for that other compromised account?
What was the password on that compromised account?
©️ 2024 Cyber Skyline. All Rights Reserved. Unauthorized reproduction or distribution of this copyrighted work is illegal.