Hack the Box - Illumination
Case Overview: Junior Developer just switched to a new source control platform. Can you find the secret token?
Download the file and verify the integrity of the file by checking the hash. We can do this by right clicking on the zip file and selecting
CRC SHA > SHA-256.
Once the hash is verified, go ahead and unzip the file.
The unzipped folder will be titled "Illumination". If you have hidden items out of view, you will notice two files: bot.js and config.js. Go to your folder view settings and select "Show Hidden Items". This will allow us to see the hidden folder titled ".git".
Before exploring the .git folder, I opened and explored both bot.js and config.js. You can open these files in any text editor of your choice. My two favorites are Sublime and Visual Studio Code.
After opening bot.js, I quickly realize we are working with a Discord Bot. Below is a screenshot of both files.
I was naturally curious about the base64 code under the username field, so I used CyberChef to decode it. The decoded message said "Red Herring, read the JS carefully". A red herring is something that distracts you, but it also gave me some important information. So, I decided to go back and closely examine the code again.
If you go back to the config.json file, you will notice that there is no value under token as it is a security risk.
I continue examining each file in the .git folder.
The COMMIT_EDITMSG file reveals that the user eliminated the unique token as it posed a security threat. This might be a bit perplexing for individuals who are not familiar with git. Nevertheless, I think it is possible to understand the situation even if you have never used Git before.
Now that I know the token was previously in the code, the log file within the .git folder is much more appealing. Perhaps we will find more information regarding that change (commit).
Open up a terminal in the .git folder. To view git logs run
The output will give us information about each commit. Each commit has a unique identifier, and is what we need to keep track of to see the specific changes made. The unique identifier is commonly refered to as a "commit hash", "Git commit reference", or "Git commit SHA".
To gather more details about that particular commit, we can execute the command `git show 47241a47f62ada864ec74bd6dedc4d33f4374699`` which will display additional information.
The expanded commit log displays what the value was before the user altered it. It appears that the original token value was in base64. We can copy and paste this string into CyberChef to retrieve our flag.
A bit about version control:
Version control is a system that keeps track of changes made to files over time, allowing developers and other users to easily manage different versions of a file and roll back to previous versions if necessary. This is particularly important in cybersecurity as it allows IT professionals to track any changes made to their systems, especially in case of any security breaches.
Having version control in place allows cybersecurity professionals to quickly identify the root cause of a security incident and determine the extent of the damage. It also allows them to quickly rollback to a previous version of the system, effectively undoing any changes made by an attacker.
Additionally, Version control also allows for better collaboration among teams and enables faster and more effective incident response. With version control, multiple team members can work on different parts of the same system simultaneously without interfering with each other's work. The team can easily merge their work together and track any issues that arise.
Version control is also important for compliance with various regulations that require organizations to maintain records of changes made to their systems, including changes to security measures.
Overall, version control provides an important layer of security and control for IT professionals, allowing them to more effectively maintain the security of their systems and respond to incidents.