Noticed a new Git room ( https://tryhackme.com/room/githappens ) just as I was about to log off for the night with one flag to get so though what the hell, lets do it :)

Deploying the virtual machine and browsing to the default web port revels the following page.

OK we have a login box, looking at the page source it appears to be some encoded/obfuscated javascript.

Even though the room was called Git Happens I spent way to much time ( tired head ) trying to decode this.....................

A while later I remembered the room was git based and thought lets have a look if a .git directory exists........

Sure enough it exists, not being that familar with git I tried to clone it a number of ways until I broke out the trusty old wget command.

wget -m -k http://server-ip-address/.git/objects/

This then created a directory with the server ip address which I was able to change into. Once in this directory I was able to run git commands. The most useful of which was to list the history of commits.

git log

When reviewing the history a single commit stood out, I ran the below command against the commit to see what had changed.

git diff {REDACTED}

Sure enough this brought back the diff between the commits and revealed the clear text password.

Boom!! Another room done & definately time for some Zzz's