API tools faq
paste
Guest User

elf-7

a guest
Jan 8th, 2019
69
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 7.58 KB | None | 0 0
raw download clone embed print report
  1. <!DOCTYPE html><head><link rel="stylesheet" href="style.css" type="text/css" media="all"/><style type="text/css">.code-black-background{color:#e0e0e0;background-color:#1f1f1f;}</style></head><body><div class="entry-title entry-title-no-feat-img">
  2. <a href="https://www.jollyfrogs.com/elf-7-sparkle-redberry-dev-ops-fail/" title="Permalink to Elf #7 - Sparkle Redberry - Dev Ops Fail Cranberry Pi terminal" rel="bookmark">
  3. <h1>Elf #7 - Sparkle Redberry - Dev Ops Fail Cranberry Pi terminal</h1>
  4. </a>
  5. </div><div class="entry-content">
  6. <figure class="wp-block-image">
  7. <img src="gitpasshist.gif" alt="" class="wp-image-786">
  8. </figure>
  9. <hr class="wp-block-separator">
  10.  
  11. <h2>Sparkle Redberry: Dev Ops Fail Cranberry Pi terminal</h2>
  12.  
  13. <p></p>
  14. <div style="height:20px" aria-hidden="true" class="wp-block-spacer"></div>
  15. <p>Hints given:
  16. <br>https://en.internetwache.org/dont-publicly-expose-git-or-how-we-downloaded-your-websites-sourcecode-an-analysis-of-alexas-1m-28-07-2015/
  17. <br>https://gist.github.com/hofmannsven/6814451</p>
  18. <p>
  19. <br>
  20. </p>
  21. <p>Coalbox again, and I&apos;ve got one more ask.
  22. <br>Sparkle Q. Redberry has fumbled a task.
  23. <br>Git pull and merging, she did all the day;
  24. <br>With all this gitting, some creds got away.
  25. <br>
  26. <br>Urging - I scolded, &quot;Don&apos;t put creds in git!&quot;
  27. <br>She said, &quot;Don&apos;t worry - you&apos;re having a fit.
  28. <br>If I did drop them then surely I could,
  29. <br>Upload some new code done up as one should.&quot;
  30. <br>
  31. <br>Though I would like to believe this here elf,
  32. <br>I&apos;m worried we&apos;ve put some creds on a shelf.
  33. <br>Any who&apos;s curious might find our &quot;oops,&quot;
  34. <br>Please find it fast before some other snoops!
  35. <br>
  36. <br>Find Sparkle&apos;s password, then run the runtoanswer tool.
  37. <br>
  38. </p>
  39. <hr class="wp-block-separator">
  40. <div style="height:20px" aria-hidden="true" class="wp-block-spacer"></div>
  41. <p>Recursively search all files on the file system for the text &quot;password&quot;,
  42. starting from the root folder &quot;/&quot;, and excluding a few system
  43. directories and redirecting errors to /dev/null (this effectively prevents
  44. errors from this command from displaying on the screen)</p>
  45. <pre class="wp-block-code code-black-background"><code>elf@b5751e70d4a6:~$ grep --exclude-dir={sys,proc,boot,dev,lost+found} -rnw &apos;/&apos; -e &quot;password&quot; 2&gt;/dev/null
  46. Binary file /lib/x86_64-linux-gnu/libpam.so.0.83.1 matches
  47. Binary file /lib/x86_64-linux-gnu/libc-2.24.so matches
  48. Binary file /lib/x86_64-linux-gnu/security/pam_exec.so matches
  49. Binary file /lib/x86_64-linux-gnu/security/pam_unix.so matches
  50. Binary file /lib/x86_64-linux-gnu/security/pam_stress.so matches
  51. Binary file /lib/x86_64-linux-gnu/security/pam_pwhistory.so matches
  52. Binary file /lib/x86_64-linux-gnu/security/pam_ftp.so matches
  53. Binary file /lib/x86_64-linux-gnu/security/pam_userdb.so matches
  54. /home/elf/kcconfmgmt/.git/logs/refs/heads/master:9:b2376f4a93ca1889ba7d947c2d14be9a5d138802 60a2ffea7520ee980a5fc60177ff4d0633f2516b Sparkle Redberry &lt;sredberry@kringlecon.com&gt; 1541729463 -0500 commit: Per @tcoalbox admonishment, removed username/password from config.js, default settings in config.js.def need to be updated before use
  55.  
  56. -- REMAINING OUTPUT TRUNCATED --</code></pre>
  57.  
  58. <div style="height:20px"
  59. aria-hidden="true" class="wp-block-spacer"></div>
  60. <p>List the directories, looking for the .git folder</p>
  61. <pre class="wp-block-code code-black-background"><code>elf@b5751e70d4a6:~$ ls -al
  62. total 5832
  63. drwxr-xr-x 1 elf elf 4096 Dec 14 16:30 .
  64. drwxr-xr-x 1 root root 4096 Dec 14 16:30 ..
  65. -rw-r--r-- 1 elf elf 220 May 15 2017 .bash_logout
  66. -rw-r--r-- 1 elf elf 1836 Dec 14 16:13 .bashrc
  67. -rw-r--r-- 1 elf elf 675 May 15 2017 .profile
  68. drwxr-xr-x 1 elf elf 4096 Nov 14 09:48 kcconfmgmt
  69. -rwxr-xr-x 1 elf elf 5944352 Dec 14 16:13 runtoanswer
  70. elf@b5751e70d4a6:~$ cd kcconfmgmt/
  71. elf@b5751e70d4a6:~/kcconfmgmt$ ls -al
  72. total 72
  73. drwxr-xr-x 1 elf elf 4096 Nov 14 09:48 .
  74. drwxr-xr-x 1 elf elf 4096 Dec 14 16:30 ..
  75. drwxr-xr-x 1 elf elf 4096 Nov 14 09:48 .git
  76. -rw-r--r-- 1 elf elf 66 Nov 1 15:30 README.md
  77. -rw-r--r-- 1 elf elf 1074 Nov 3 20:28 app.js
  78. -rw-r--r-- 1 elf elf 31003 Nov 14 09:46 package-lock.json
  79. -rw-r--r-- 1 elf elf 537 Nov 14 09:48 package.json
  80. drwxr-xr-x 1 elf elf 4096 Nov 2 15:05 public
  81. drwxr-xr-x 1 elf elf 4096 Nov 2 15:05 routes
  82. drwxr-xr-x 1 elf elf 4096 Nov 14 09:47 server
  83. drwxr-xr-x 1 elf elf 4096 Nov 2 15:05 views
  84. elf@b5751e70d4a6:~/kcconfmgmt$</code></pre>
  85.  
  86. <div style="height:20px" aria-hidden="true"
  87. class="wp-block-spacer"></div>
  88. <p>Search the git log for changes to the file &apos;config.js&apos;</p>
  89. <pre
  90. class="wp-block-code code-black-background"><code>elf@b5751e70d4a6:~/kcconfmgmt$ git log --all --full-history -- **/config.js.*
  91. commit 60a2ffea7520ee980a5fc60177ff4d0633f2516b
  92. Author: Sparkle Redberry &lt;sredberry@kringlecon.com&gt;
  93. Date: Thu Nov 8 21:11:03 2018 -0500
  94.  
  95. Per @tcoalbox admonishment, removed username/password from config.js, default settings in config.js.def ne
  96. ed to be updated before use
  97. elf@b5751e70d4a6:~/kcconfmgmt$</code>
  98. </pre>
  99. <div style="height:20px" aria-hidden="true" class="wp-block-spacer"></div>
  100. <p>Use the &apos;git show&apos; command to display the commit change for
  101. commit number &apos;60a2ffea7520ee980a5fc60177ff4d0633f2516b&apos;</p>
  102. <pre
  103. class="wp-block-code code-black-background"><code>elf@b5751e70d4a6:~/kcconfmgmt$ git show 60a2ffea7520ee980a5fc60177ff4d0633f2516b
  104. commit 60a2ffea7520ee980a5fc60177ff4d0633f2516b
  105. Author: Sparkle Redberry &lt;sredberry@kringlecon.com&gt;
  106. Date: Thu Nov 8 21:11:03 2018 -0500
  107.  
  108. Per @tcoalbox admonishment, removed username/password from config.js, default settings in config.js.def ne
  109. ed to be updated before use
  110.  
  111. diff --git a/server/config/config.js b/server/config/config.js
  112. deleted file mode 100644
  113. index 25be269..0000000
  114. --- a/server/config/config.js
  115. +++ /dev/null
  116. @@ -1,4 +0,0 @@
  117. -// Database URL
  118. -module.exports = {
  119. - &apos;url&apos; : &apos;mongodb://sredberry:twinkletwinkletwinkle@127.0.0.1:27017/node-api&apos;
  120. -};
  121. diff --git a/server/config/config.js.def b/server/config/config.js.def
  122. new file mode 100644
  123. index 0000000..740eba5
  124. --- /dev/null
  125. +++ b/server/config/config.js.def
  126. @@ -0,0 +1,4 @@
  127. +// Database URL
  128. +module.exports = {
  129. + &apos;url&apos; : &apos;mongodb://username:password@127.0.0.1:27017/node-api&apos;
  130. +};
  131. elf@b5751e70d4a6:~/kcconfmgmt$</code>
  132. </pre>
  133. <div style="height:20px" aria-hidden="true" class="wp-block-spacer"></div>
  134. <p>And finally, submit the password</p>
  135. <pre class="wp-block-code code-black-background"><code>elf@b5751e70d4a6:~/kcconfmgmt$ ../runtoanswer
  136. Loading, please wait......
  137.  
  138.  
  139.  
  140. Enter Sparkle Redberry&apos;s password: twinkletwinkletwinkle
  141.  
  142.  
  143. This ain&apos;t &quot;I told you so&quot; time, but it&apos;s true:
  144. I shake my head at the goofs we go through.
  145. Everyone knows that the gits aren&apos;t the place;
  146. Store your credentials in some safer space.
  147.  
  148. Congratulations!
  149.  
  150. elf@b5751e70d4a6:~/kcconfmgmt$</code></pre>
  151.  
  152. <div style="height:20px" aria-hidden="true"
  153. class="wp-block-spacer"></div>
  154. <div style="height:20px" aria-hidden="true" class="wp-block-spacer"></div>
  155. <div class="link-pages"></div>
  156. </div></body></html>
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!