Level 4 – Hackoween II #ZomatoCTF

Git to the core

In this level we have a link to a GitLab repository, which is not accessible.

And embedded secret gist with so many forks (why so many forks?)

Turns out you can clone a gist and it has branches.

One of the branches of this commit has a link to a .git path with directory listing enabled.

Details on Yash’s CTF writeup.

But that’s not how got the path to .git directory. Being a curious person I first tried all the known links and IPs hosted in this CTF. One being on Level 6 – Do Not Serve (No I didn’t solve the levels in an order, not guilty). Copied IP I got from level 6 and checked open ports. Port 8080 is open but doesn’t have a .git directory. Port 80 is open but is password protected.

Viewing level’s page source reveals there is some obfuscated javascript code. I just copied it and ran in the developer console. It hanged my browser window.

Now you know why I am paranoid about executing unknown javascript code.

So I deobfustacted the javascript code and found an interesting base64 encoded string.


Decoded it and it looks like a username:password

Used this username and password and I got the access to

Downloaded this repository using git-dumper and checked the commits and got the code.

Entered the code in challenge page and got the flag.

Leave a Reply

Your email address will not be published. Required fields are marked *