Lab: Information disclosure in version control history

info :

This lab discloses sensitive information via its version control history.

Goal:

To solve the lab, obtain the password for the administrator user then log in and delete the user carlos.

First ting the lab told us we need to admin password to solve the lab and it’s told us

we have senstive info in version control for me i asked chatgpt what’s the version control history

he told me it’s the all control version history all changes for anything on the project like Git and asked him where this version control located

he told me in .git folder most of developer located it here

so i go the lab an go to the git like this

https://domain_lab/.git

ohh it’s amazing it show us all things i go to the COMMIT_EDITMSG

if i saw any changes but i show that

oops the password is removed so will install all git to show all past changes

i go to my kali and do some command

wget -r https://domain_lab/.git