Internetwache CTF 2016 — Web80–0ldsk00lBlog
Navigating to the challenge page shows a super plain, simple HTML Blog post. There was not much to work on, but one the blog posts happens to mention the owner’s use of git.
A quick google actually brought me to an Internetwache post where they gave me all of the knowledge and tools I needed for the challenge (Thanks Internetwache!) The post mentions checking /.git/HEAD to detect an exposed git repo on a site. Sure enough…
The Internetwache post goes on to explain the use of their GitTools for the discovery, download and extraction of exposed git repositories. Running the tools and grepping for the “IW{“ prefix to flags showed me what I wanted to see.
I love kittens. I love flags. I love git.