Welcome back guys to another blog on AOC 2022 day 3. Just like yesterday, they released a new task around 10 pm. So here I am writing this blog around 10:50 pm. So, without any further delay, let's do this.
Nothing escapes detective McRed
This room is mainly focusing on OSINT. Open-source intelligence (OSINT) is the collection and analysis of data gathered from open sources (covert and publicly available sources) to produce actionable intelligence. Think of it like you are stalking someone on their social media accounts for gathering more and more information. We also use google dorking for this. Google Dorking is a search string or custom query that uses advanced search operators to find information not readily available on a website. That means you can advance your search results with google dorks. You can learn more about it on google. Now, Let's move to today's task.
Question1
So we need to find the Registrar for the domain santagift.shop.Search whois lookup on google. A Whois domain lookup allows you to trace the ownership and tenure of a domain name. When you enter the domain name in the search bar of whois lookup, you can see the registrar name.
Question2
Now we need to search the flag on github. Don't worry you don't need any GitHub account for this. Go to GitHub and enter the above domain on GitHub's search bar.
Well, this is the repository. let's try to find our flag. Open every file you see in this repository. Got the flag? Yes, it is in config.php
Question3
We need to find a file containing passwords. Scroll down the config.php file.
It's in config.php.
Question4
We need to file the name of qa server. Check this config file again. Did you find anything? No! Ok then let's search into other files. Check in readme.md . Yes, it's there.
Question5
Now, we need to find the DB Password. All the passwords were in config.php. Let's search for our password in that file.
If you know a little bit of PHP, you can understand that the password here is S@nta2022.
Question6
They are recommending you a room on google Dorking.
Congratulations !! we completed this task. New task will be added tomorrow. Till then you can follow me here for upcoming blogs on the advent of cyber 2022. In the end, you will get a certificate from tryhackme for completing this challenge.
Keep learning and keep spreading Knowledge.