Elf #7 - Sparkle Redberry - Dev Ops Fail Cranberry Pi terminal


Sparkle Redberry: Dev Ops Fail Cranberry Pi terminal

Hints given:
https://en.internetwache.org/dont-publicly-expose-git-or-how-we-downloaded-your-websites-sourcecode-an-analysis-of-alexas-1m-28-07-2015/
https://gist.github.com/hofmannsven/6814451


Coalbox again, and I've got one more ask.
Sparkle Q. Redberry has fumbled a task.
Git pull and merging, she did all the day;
With all this gitting, some creds got away.

Urging - I scolded, "Don't put creds in git!"
She said, "Don't worry - you're having a fit.
If I did drop them then surely I could,
Upload some new code done up as one should."

Though I would like to believe this here elf,
I'm worried we've put some creds on a shelf.
Any who's curious might find our "oops,"
Please find it fast before some other snoops!

Find Sparkle's password, then run the runtoanswer tool.


The challenge can be accessed directly here:
https://docker.kringlecon.com/?challenge=gitpasshist


Recursively search all files on the file system for the text "password", starting from the root folder "/", and excluding a few system directories and redirecting errors to /dev/null (this effectively prevents errors from this command from displaying on the screen)

elf@b5751e70d4a6:~$ grep --exclude-dir={sys,proc,boot,dev,lost+found} -rnw '/' -e "password" 2>/dev/null
Binary file /lib/x86_64-linux-gnu/libpam.so.0.83.1 matches
Binary file /lib/x86_64-linux-gnu/libc-2.24.so matches
Binary file /lib/x86_64-linux-gnu/security/pam_exec.so matches
Binary file /lib/x86_64-linux-gnu/security/pam_unix.so matches
Binary file /lib/x86_64-linux-gnu/security/pam_stress.so matches
Binary file /lib/x86_64-linux-gnu/security/pam_pwhistory.so matches
Binary file /lib/x86_64-linux-gnu/security/pam_ftp.so matches
Binary file /lib/x86_64-linux-gnu/security/pam_userdb.so matches
/home/elf/kcconfmgmt/.git/logs/refs/heads/master:9:b2376f4a93ca1889ba7d947c2d14be9a5d138802 60a2ffea7520ee980a5fc60177ff4d0633f2516b Sparkle Redberry <sredberry@kringlecon.com> 1541729463 -0500     commit: Per @tcoalbox admonishment, removed username/password from config.js, default settings in config.js.def need to be updated before use

-- REMAINING OUTPUT TRUNCATED --

List the directories, looking for the .git folder

elf@b5751e70d4a6:~$ ls -al
total 5832
drwxr-xr-x 1 elf  elf     4096 Dec 14 16:30 .
drwxr-xr-x 1 root root    4096 Dec 14 16:30 ..
-rw-r--r-- 1 elf  elf      220 May 15  2017 .bash_logout
-rw-r--r-- 1 elf  elf     1836 Dec 14 16:13 .bashrc
-rw-r--r-- 1 elf  elf      675 May 15  2017 .profile
drwxr-xr-x 1 elf  elf     4096 Nov 14 09:48 kcconfmgmt
-rwxr-xr-x 1 elf  elf  5944352 Dec 14 16:13 runtoanswer
elf@b5751e70d4a6:~$ cd kcconfmgmt/
elf@b5751e70d4a6:~/kcconfmgmt$ ls -al
total 72
drwxr-xr-x 1 elf elf  4096 Nov 14 09:48 .
drwxr-xr-x 1 elf elf  4096 Dec 14 16:30 ..
drwxr-xr-x 1 elf elf  4096 Nov 14 09:48 .git
-rw-r--r-- 1 elf elf    66 Nov  1 15:30 README.md
-rw-r--r-- 1 elf elf  1074 Nov  3 20:28 app.js
-rw-r--r-- 1 elf elf 31003 Nov 14 09:46 package-lock.json
-rw-r--r-- 1 elf elf   537 Nov 14 09:48 package.json
drwxr-xr-x 1 elf elf  4096 Nov  2 15:05 public
drwxr-xr-x 1 elf elf  4096 Nov  2 15:05 routes
drwxr-xr-x 1 elf elf  4096 Nov 14 09:47 server
drwxr-xr-x 1 elf elf  4096 Nov  2 15:05 views
elf@b5751e70d4a6:~/kcconfmgmt$

Search the git log for changes to the file 'config.js'

elf@b5751e70d4a6:~/kcconfmgmt$ git log --all --full-history -- **/config.js.*
commit 60a2ffea7520ee980a5fc60177ff4d0633f2516b
Author: Sparkle Redberry <sredberry@kringlecon.com>
Date:   Thu Nov 8 21:11:03 2018 -0500

    Per @tcoalbox admonishment, removed username/password from config.js, default settings in config.js.def ne
ed to be updated before use
elf@b5751e70d4a6:~/kcconfmgmt$

Use the 'git show' command to display the commit change for commit number '60a2ffea7520ee980a5fc60177ff4d0633f2516b'

elf@b5751e70d4a6:~/kcconfmgmt$ git show 60a2ffea7520ee980a5fc60177ff4d0633f2516b
commit 60a2ffea7520ee980a5fc60177ff4d0633f2516b
Author: Sparkle Redberry <sredberry@kringlecon.com>
Date:   Thu Nov 8 21:11:03 2018 -0500

    Per @tcoalbox admonishment, removed username/password from config.js, default settings in config.js.def ne
ed to be updated before use

diff --git a/server/config/config.js b/server/config/config.js
deleted file mode 100644
index 25be269..0000000
--- a/server/config/config.js
+++ /dev/null
@@ -1,4 +0,0 @@
-// Database URL
-module.exports = {
-    'url' : 'mongodb://sredberry:twinkletwinkletwinkle@127.0.0.1:27017/node-api'
-};
diff --git a/server/config/config.js.def b/server/config/config.js.def
new file mode 100644
index 0000000..740eba5
--- /dev/null
+++ b/server/config/config.js.def
@@ -0,0 +1,4 @@
+// Database URL
+module.exports = {
+    'url' : 'mongodb://username:password@127.0.0.1:27017/node-api'
+};
elf@b5751e70d4a6:~/kcconfmgmt$

And finally, submit the password

elf@b5751e70d4a6:~/kcconfmgmt$ ../runtoanswer 
Loading, please wait......



Enter Sparkle Redberry's password: twinkletwinkletwinkle


This ain't "I told you so" time, but it's true:
I shake my head at the goofs we go through.
Everyone knows that the gits aren't the place;
Store your credentials in some safer space.

Congratulations!

elf@b5751e70d4a6:~/kcconfmgmt$