{"id":209,"date":"2019-01-17T04:33:15","date_gmt":"2019-01-17T04:33:15","guid":{"rendered":"https:\/\/mrjsec.co.uk\/blog\/?p=209"},"modified":"2019-01-17T04:33:21","modified_gmt":"2019-01-17T04:33:21","slug":"sparkle-redberry-dev-ops-fail-cranberry-pi-terminal","status":"publish","type":"post","link":"https:\/\/mrjsec.co.uk\/blog\/sparkle-redberry-dev-ops-fail-cranberry-pi-terminal\/","title":{"rendered":"
Sparkle Redberry – Dev Ops Fail Cranberry Pi terminal<\/center>"},"content":{"rendered":"\n

We speak to Sparkle Redberry, who explains they had at one point by mistake saved there credentials “password” and updated there git project with it.<\/p>\n\n\n\n

Later on, Sparkle Redberry removed the password and re-updated there git project. <\/p>\n\n\n\n

However, was unsure if you were still able to find it or not, even so, they updated their git project with it removed, you’re given a hint to a git page “My simply Git Cheatsheet<\/a>” and to be honest, this is all you need.<\/p>\n\n\n\n

“Coalbox again, and I’ve got one more ask.
\nSparkle Q. Redberry has fumbled a task.
\nGit pull and merging, she did all the day;
\nWith all this gitting, some creds got away.
\nUrging – I scolded, “Don’t put creds in git!”
\nShe said, “Don’t worry – you’re having a fit.
\nIf I did drop them then surely I could,
\nUpload some new code done up as one should.”
\nThough I would like to believe this here elf,
\nI’m worried we’ve put some creds on a shelf.
\nAny who’s curious might find our “oops,”
\nPlease find it fast before some other snoops!”<\/p>\n\n\n\n

We need to “Find Sparkle’s password, then run the run to answer tool”.<\/p>\n\n\n\n

First thing is the first cd to the git project folder on the local system and use “git log -p”. Note: Maybe there is a more natural method, but I went with this as there wasn’t much to look.<\/p>\n\n\n\n


Once you run “git log -p” you get a bunch of text, it shows what changes where made and I just went down the list until I saw something that looked like a password.<\/p>\n\n\n\n

\"\"<\/figure><\/div>\n\n\n\n

Not too far down I came across a MongoDB URL which was User: Pass, copying the password “twinkletwinkletwinkle” and then running “\/home\/elf\/.\/runtoanswer” with the password, we complete the challenge.<\/p>\n\n\n\n

\"\"<\/figure><\/div>\n\n\n\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

We speak to Sparkle Redberry, who explains they had at one point by mistake saved there credentials “password” and updated there git project with it. Later on, Sparkle Redberry removed the password and re-updated there…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[10],"tags":[13,14,12],"class_list":["post-209","post","type-post","status-publish","format-standard","hentry","category-kringlecon-2018","tag-13","tag-ctf","tag-kringlecon"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/paD3U6-3n","_links":{"self":[{"href":"https:\/\/mrjsec.co.uk\/blog\/wp-json\/wp\/v2\/posts\/209","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mrjsec.co.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mrjsec.co.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mrjsec.co.uk\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mrjsec.co.uk\/blog\/wp-json\/wp\/v2\/comments?post=209"}],"version-history":[{"count":1,"href":"https:\/\/mrjsec.co.uk\/blog\/wp-json\/wp\/v2\/posts\/209\/revisions"}],"predecessor-version":[{"id":212,"href":"https:\/\/mrjsec.co.uk\/blog\/wp-json\/wp\/v2\/posts\/209\/revisions\/212"}],"wp:attachment":[{"href":"https:\/\/mrjsec.co.uk\/blog\/wp-json\/wp\/v2\/media?parent=209"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mrjsec.co.uk\/blog\/wp-json\/wp\/v2\/categories?post=209"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mrjsec.co.uk\/blog\/wp-json\/wp\/v2\/tags?post=209"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}