Challenge Description
A Junior Developer just switched to a new source control platform. Can you find the secret token?
Provided Files
$ ls -la
total 20
drwxr-xr-x 3 kali kali 4096 May 30 2019 .
drwxr-xr-x 3 kali kali 4096 Jan 7 16:25 ..
-rw-r--r-- 1 kali kali 2635 May 30 2019 bot.js
-rw-r--r-- 1 kali kali 199 May 30 2019 config.json
drwxr-xr-x 7 kali kali 4096 May 30 2019 .git
Solution
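The secret token can be found in the commit history of the provided project. The later commit only replaced the value in config.json, so the original value is still stored in .git and appears in the patch output: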
$ git log -p
<SNIP>
commit 47241a47f62ada864ec74bd6dedc4d33f4374699
Author: SherlockSec <dan@lights.htb>
Date: Fri May 31 12:00:54 2019 +0100
Thanks to contributors, I removed the unique token as it was a security risk. Thanks for reporting responsibly!
diff --git a/config.json b/config.json
index 316dc21..6735aa6 100644
--- a/config.json
+++ b/config.json
@@ -1,6 +1,6 @@
{
- "token": "SFRCe3YzcnNpMG5fYzBudHIwbF9hbV9JX3JpZ2h0P30=",
+ "token": "Replace me with token when in use! Security Risk!",
"prefix": "~",
"lightNum": "1337",
"username": "UmVkIEhlcnJpbmcsIHJlYWQgdGhlIEpTIGNhcmVmdWxseQ==",
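Review bot: the "-" line for "token" in config.json keeps the old value in the repository history, so swapping in a placeholder with a new commit does not remove the exposure. The token should be revoked and reissued, and the real value should be loaded from an untracked file or the environment rather than from a tracked config.json. The unchanged "username" line holds another Base64-looking string in the same tracked file and deserves the same check.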
<SNIP>
The token seems to be Base64 encoded. Base64 is an encoding, not encryption, so no key is needed to reverse it.
Once decoded, we get the flag:
$ echo "SFRCe3YzcnNpMG5fYzBudHIwbF9hbV9JX3JpZ2h0P30=" | base64 -d
HTB{v3r*********************ht?}
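To audit your own repository for the same mistake, the added example below (not part of the original write-up) parses `git log -p` output and reports every commit that touched a sensitive-looking key, including values that were later "removed", and decodes any that are Base64. The sample log, the secret value and the list of key names are constructed assumptions.

```python
import base64
import re

# Constructed secret and constructed `git log -p` excerpt (not the challenge repo).
FAKE = base64.b64encode(b"EXAMPLE_SECRET").decode()
SAMPLE_LOG = f"""commit 1111111111111111111111111111111111111111

    remove token

diff --git a/config.json b/config.json
--- a/config.json
+++ b/config.json
@@ -1,4 +1,4 @@
 {{
-  "token": "{FAKE}",
+  "token": "Replace me with token when in use!",
   "prefix": "~",
"""

# Key names treated as sensitive: an assumption, extend for your codebase.
KEY_RE = re.compile(r'^([+-])\s*"(token|secret|password|api_?key)"\s*:\s*"([^"]*)"', re.I)


def try_base64(value):
    """Return decoded printable text if value is valid Base64, else None."""
    try:
        raw = base64.b64decode(value, validate=True)
        text = raw.decode("ascii")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    return text if text and text.isprintable() else None


def scan_history(log_text):
    """Return a finding for every sensitive key touched by any commit in the log."""
    commit = path = None
    findings = []
    for line in log_text.splitlines():
        if line.startswith("commit "):
            commit = line.split()[1]
        elif line.startswith("+++ b/"):
            path = line[6:]
        elif not line.startswith(("+++", "---")):
            m = KEY_RE.match(line)
            if m:
                sign, key, value = m.groups()
                findings.append({"commit": commit, "file": path, "key": key,
                                 "removed": sign == "-", "decoded": try_base64(value)})
    return findings
```

Feed it real history with `scan_history(subprocess.run(["git", "log", "-p", "--all"], capture_output=True, text=True).stdout)`; any finding with `removed` set is a credential that still needs rotating.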