# WH02 - 500pts ## Briefing > Access the site at and find a way to get the flag. ## Solution 1. We can try directory bruteforcing because the website source code does not reveal anything. Let's use `gobuster`: `gobuster dir -u https://cfta-wh02.allyourbases.co/ -t 200 --exclude-length 16 -w /usr/share/wordlists/dirb/common.txt`. We exclude the length `16` because 404 pages return HTTP status code 403 and have a length of 16. Running the command finds `/.git/HEAD`, which means there is a publicly facing git repository on the website. 2. We can download the git repo with `wget -r -np -R "index.html*" https://cfta-wh02.allyourbases.co/.git/`. Run `git checkout -- .` to restore `index.html` since we only download the `.git/` folder, not the entire working directory. 3. Run `git log` to look for previous commits. Sure enough there is one previous commit. Run `git checkout 80e789704ddca67d772dbc34de1088e8c1917e9d` to revert to that previous version. There is now a `setup.sh` file. `cat setup.sh` shows the flag `FLAG="giTisAGreat_ResoURCe8337"` ### Flag `giTisAGreat_ResoURCe8337` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://ncs2021.haydenhousen.com/web/wh02.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.