Skip to content

THM - Advent of Cyber 2022 - Day 3


Difficulty: ⭐
Challenge Link
OS: Linux

Q: What is the name of the Registrar for the domain santagift.shop?

We can solve this by just doing a simple "whois" lookup on the domain provided. We can dwindle the information down by just grepping for "Registrar" as the question asks.

┌──(kali㉿kali)-[~]
└─$ whois santagift.shop | grep Registrar
image-title-here

Answer
NAMECHEAP INC

Q: Find the website's source code (repository) on github.com and open the file containing sensitive credentials. Can you find the flag?

We could use some type of GithubAPI parser tool but, when I did a simple search in Github and only a single repository popped up. The words "config" always tend to draw my eyes to them.

Answer

check config.php

What is the name of the file containing passwords?

The filename of the place we found the above flag.

Answer

config.php

Q: What is the name of the QA server associated with the website?

"CTRL+F" is your friend. A search for "qa".

Answer

qa.santagift.shop

Q: What is the DB_PASSWORD that is being reused between the QA and PROD environments?

Some the recon courses over the years have told me the config files are normally juicy. Well sure enough there goes the password blatantly obvious. Search for "db"

Answer

S@nta2022

Q: Check out this room if you'd like to learn more about Google Dorking!

No Required Input but, The course on Google Dorking is definitely worth it.