Internetwache CTF 2016 — Web80–0ldsk00lBlog

Navigating to the challenge page shows a super plain, simple HTML Blog post. There was not much to work on, but one the blog posts happens to mention the owner’s use of git.

I suspect he doesn’t know how to use git well. I certainly don’t.

A quick google actually brought me to an Internetwache post where they gave me all of the knowledge and tools I needed for the challenge (Thanks Internetwache!) The post mentions checking /.git/HEAD to detect an exposed git repo on a site. Sure enough…

Oh hay there git

The Internetwache post goes on to explain the use of their GitTools for the discovery, download and extraction of exposed git repositories. Running the tools and grepping for the “IW{“ prefix to flags showed me what I wanted to see.

Dumping the .git objects

Extracting the git repo

Grep’in that flag

I love kittens. I love flags. I love git.