~$ Advent of Cyber 2022 - Day 3
Question 1
What is the name of the Registrar for the domain santagift.shop?
We take a look using the ICANN Lookup website: https://lookup.icann.org/en/lookup
![A screenshot of the ICANN website.](assets/images/walkthrough/thm/aoc-2022/day03/1.png)
Answer: NAMECHEAP INC
Question 2
Find the website's source code (repository) on github.com and open the file containing sensitive credentials. Can you find the flag?
There it's just a matter of looking for the URL, and finding the oldest repository involved.
![A screenshot of a GitHub search result.](assets/images/walkthrough/thm/aoc-2022/day03/2.1.png)
There we look for interesting files, such as for example config.php
.
![A screenshot of a file in the GitHub repository named 'config.php'](assets/images/walkthrough/thm/aoc-2022/day03/2.2.png)
This produces a flag:
![A screenshot of 'config.php', revealing a flag.](assets/images/walkthrough/thm/aoc-2022/day03/2.3.png)
Answer: {THM_OSINT_WORKS}
Question 3
What is the name of the file containing passwords?
(See Q2)
Answer: config.php
Question 4
What is the name of the QA server associated with the website?
If we scroll down in the file a bit, we can see the following:
![A screenshot of hardcoded credentials.](assets/images/walkthrough/thm/aoc-2022/day03/4.png)
Answer: qa.santagift.shop
Question 5
What is the DB_PASSWORD that is being reused between the QA and PROD environments?
(See Q4)
Answer: S@nta2022