HackTheBox: Forensics Challenge, Illumination Walkthrough

Nouf
2 min read · Apr 7, 2020

A Junior Developer just switched to a new source control platform. Can you find the secret token?

I started by unzipping the downloaded folder, but there was nothing in it! I checked whether there were any hidden files, and there were.

So by going into the hidden directory, which is .git, and reading, I figured out the developer's mistake!

The developer's log is with me! So I just got the log with:

git log

The log appeared.

I took the log and tried to see what he did with:

git show "log"

Author: SherlockSec <dan@lights.htb>
Date: Fri May 31 12:00:54 2019 +0100

Thanks to contributors, I removed the unique token as it was a security risk. Thanks for reporting responsibly!

diff — git a/config.json b/config.json
index 316dc21..6735aa6 100644
— — a/config.json
+++ b/config.json
@@ -1,6 +1,6 @@
{

- “token”: “SFR***************”,
+ “token”: “Replace me with token when in use! Security Risk!”,
“prefix”: “~”,
“lightNum”: “1337”,
“username”: “UmVkIEhlcnJpbmcsIHJlYWQgdGhlIEpTIGNhcmVmdWxseQ==”,
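
Review bot: The `-` line in config.json still carries the old token value, so this commit only takes it out of the current file; anyone who can read the repository history can still recover it. Treat the token as compromised: revoke and reissue it, and keep the replacement out of the tracked file (for example, load it from an environment variable or an untracked config) instead of leaving a placeholder string in the `token` field.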

That was the full response.

I got the token and decoded it, and the flag appeared.
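
To check your own repository for the same mistake, the sketch below (an added example, not part of the original walkthrough) scans `git log -p` output for secret-looking values that survive on removed lines. The sample log, the key-name list and the function names are assumptions made for illustration.

```python
import base64
import re

# Constructed `git log -p` output for illustration; not the challenge repository.
SAMPLE_LOG = """\
commit 1111111111111111111111111111111111111111

    Remove token from config

diff --git a/config.json b/config.json
--- a/config.json
+++ b/config.json
@@ -1,4 +1,4 @@
 {
-  "token": "ZXhhbXBsZS1zZWNyZXQtdmFsdWU=",
+  "token": "Replace me with token when in use!",
   "prefix": "~",
"""

# Hypothetical key names worth flagging; extend for your own config formats.
SECRET_KEY = re.compile(r'"(token|secret|password|api_?key)"\s*:\s*"([^"]+)"', re.I)

def decode_if_base64(value):
    """Return the decoded text when value is base64 of printable ASCII, else None."""
    try:
        raw = base64.b64decode(value, validate=True)
        text = raw.decode("ascii")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    return text if text and text.isprintable() else None

def find_removed_secrets(log_text):
    """List secret-looking values that appear on removed ('-') lines of a patch log."""
    findings, commit, path = [], None, None
    for line in log_text.splitlines():
        if line.startswith("commit "):
            commit = line.split()[1]
        elif line.startswith("--- a/"):
            path = line[6:]
        elif line.startswith("-"):
            match = SECRET_KEY.search(line)
            if match:
                key, value = match.group(1), match.group(2)
                findings.append({"commit": commit, "file": path, "key": key,
                                 "value": value, "decoded": decode_if_base64(value)})
    return findings

if __name__ == "__main__":
    for f in find_removed_secrets(SAMPLE_LOG):
        print(f"{f['commit'][:7]} {f['file']}: {f['key']} still in history; rotate it")
```

To audit a real repository, pass the output of `git log -p --all` to `find_removed_secrets`.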
