Git to the core

In this level we have a link to a GitLab repository, which is not accessible.

And embedded secret gist with so many forks (why so many forks?)

Turns out you can clone a gist and it has branches.

One of the branches of this commit has a link to a .git path with directory listing enabled.

http://51.15.92.102/.git/

Details on Yash’s CTF writeup.

But that’s not how got the path to .git directory. Being a curious person I first tried all the known links and IPs hosted in this CTF. One being on Level 6 – Do Not Serve (No I didn’t solve the levels in an order, not guilty). Copied IP I got from level 6 and checked open ports. Port 8080 is open but doesn’t have a .git directory. Port 80 is open but is password protected.

Viewing level’s page source reveals there is some obfuscated javascript code. I just copied it and ran in the developer console. It hanged my browser window.

Now you know why I am paranoid about executing unknown javascript code.

So I deobfustacted the javascript code and found an interesting base64 encoded string.

console.table("YWRtaW46QCMhbno0SiNtUiY0Y2g=");

Decoded it and it looks like a username:password
admin:@#!nz4J#mR&4ch

Used this username and password and I got the access to http://51.15.92.102/.git/

Downloaded this repository using git-dumper and checked the commits and got the code.

Entered the code in challenge page and got the flag.