NCS Competition 2021 Writeup
Search…
NCS Competition 2021 Writeup
HHousen National Cyber Scholarship Competition 2021 Writeup
Forensics
Crypto
Binary
Networking
Web
WX01 - 1000pts
WE01 - 100pts
WE02 - 100pts
WH01 - 500pts
WH02 - 500pts
WM01 - 250pts
WM02 - 250pts
WM03 - 250pts
WM04 - 250pts
WM05 - 250pts
Challenge Name
Powered By GitBook
WH02 - 500pts

Briefing

Access the site at https://cfta-wh02.allyourbases.co and find a way to get the flag.

Solution

  1. 1.
    We can try directory bruteforcing because the website source code does not reveal anything. Let's use gobuster: gobuster dir -u https://cfta-wh02.allyourbases.co/ -t 200 --exclude-length 16 -w /usr/share/wordlists/dirb/common.txt. We exclude the length 16 because 404 pages return HTTP status code 403 and have a length of 16. Running the command finds /.git/HEAD, which means there is a publicly facing git repository on the website.
  2. 2.
    We can download the git repo with wget -r -np -R "index.html*" https://cfta-wh02.allyourbases.co/.git/. Run git checkout -- . to restore index.html since we only download the .git/ folder, not the entire working directory.
  3. 3.
    Run git log to look for previous commits. Sure enough there is one previous commit. Run git checkout 80e789704ddca67d772dbc34de1088e8c1917e9d to revert to that previous version. There is now a setup.sh file. cat setup.sh shows the flag FLAG="giTisAGreat_ResoURCe8337"

Flag

giTisAGreat_ResoURCe8337
Previous
WH01 - 500pts
Next
WM01 - 250pts
Last modified 1yr ago
Copy link
Contents
Briefing
Solution
Flag