Sparkle Redberry: Dev Ops Fail
![](/hh2018//assets/img/elves/sparkle/avatar.png)
The Elf's Request
![](/hh2018//assets/img/elves/sparkle/question.png)
The Terminal Riddle
![](/hh2018//assets/img/elves/sparkle/riddle.png)
The Solution
Since this is a terminal, I can’t use TruffleHog. So, will look at Git History. Likely look for “password”
Doing a directory listing, I see a directory called kcconfmgmt
![](/hh2018/assets/img/elves/sparkle/1.png)
Inside that directory is a .git project
![](/hh2018/assets/img/elves/sparkle/2.png)
Since the hint says that the creds in question are in Git, but were overwritten, we will try and figure out from the git log
when the file was changed.
![](/hh2018/assets/img/elves/sparkle/3.png)
Its easy to see that 60a2ffea7520ee980a5fc60177ff4d0633f2516b
commit message states
Author: Sparkle Redberry <sredberry@kringlecon.com>
Date: Thu Nov 8 21:11:03 2018 -0500
Per @tcoalbox admonishment, removed username/password from config.js, default settings i
n config.js.def need to be updated before use
Thus, we need to checkout the git commit right before that one at b2376f4a93ca1889ba7d947c2d14be9a5d138802
![](/hh2018/assets/img/elves/sparkle/4.png)
The commit message says the file config.js was changed, so look for that file with find
and then cat
the file.
![](/hh2018/assets/img/elves/sparkle/5.png)
username is sredberry
password is twinkletwinkletwinkle
Terminal Success
![](/hh2018//assets/img/elves/sparkle/success.png)
The Hint
![](/hh2018//assets/img/elves/sparkle/hint.png)