~$ Advent of Cyber 2022 - Day 3

Posted on Dec. 3rd, 2022. | Est. reading time: 2 minutes

Author:
Unknown
Category:
Red Team: OSINT
Link:
TryHackMe

Question 1

What is the name of the Registrar for the domain santagift.shop?

We take a look using the ICANN Lookup website: https://lookup.icann.org/en/lookup

A screenshot of the ICANN website.ICANN be useful.

Answer: NAMECHEAP INC

Question 2

Find the website's source code (repository) on github.com and open the file containing sensitive credentials. Can you find the flag?

There it's just a matter of looking for the URL, and finding the oldest repository involved.

A screenshot of a GitHub search result.Plenty of valuable bits to search for.

There we look for interesting files, such as for example config.php.

A screenshot of a file in the GitHub repository named 'config.php'Oh no.

This produces a flag:

A screenshot of 'config.php', revealing a flag.My secretses.

Answer: {THM_OSINT_WORKS}

Question 3

What is the name of the file containing passwords?

(See Q2)

Answer: config.php

Question 4

What is the name of the QA server associated with the website?

If we scroll down in the file a bit, we can see the following:

A screenshot of hardcoded credentials.This somehow got worse.

Answer: qa.santagift.shop

Question 5

What is the DB_PASSWORD that is being reused between the QA and PROD environments?

(See Q4)

Answer: S@nta2022


Return to the Index