This lab discloses sensitive information via its version control history. To solve the lab, obtain the password for the administrator user then log in and delete the user carlos | Karthikeyan Nagaraj

Karthikeyan Nagaraj

Follow

2 min read

·

Feb 4, 2024

Listen

Share

Description

This lab discloses sensitive information via its version control history. To solve the lab, obtain the password for the administrator user then log in and delete the user carlos.

Solution

1. Use the below command to download the .git of the server
   wget -r https://YOUR-LAB-ID.web-security-academy.net/.git/
2. cd into the directory, cd into .git and cd into logs
3. cat HEAD and note the commit ID that displays “Remove admin password from config”
4. Type git show COMMITID it will show the password of Admin.
5. Use the Password to Log in to the Admin Account and delete user Carlos to solve the Lab.

A YouTube Channel for Cybersecurity Lab’s Poc and Write-ups

Telegram Channel for Free Ethical Hacking Dumps

Thank you for Reading!

Happy Ethical Hacking ~

Author: Karthikeyan Nagaraj ~ Cyberw1ng