Question
http://squirrels.woodlandhighschool.xyz/
Solution
First, use a plugin to check whether there is a .git leak:
http://squirrels.woodlandhighschool.xyz/.git/ SECURITY LEAK!
http://squirrels.woodlandhighschool.xyz/.git/index SECURITY LEAK!
http://squirrels.woodlandhighschool.xyz/.git/COMMIT_EDITMSG SECURITY LEAK!
http://squirrels.woodlandhighschool.xyz/.git/config SECURITY LEAK!
http://squirrels.woodlandhighschool.xyz/.git/description SECURITY LEAK!
http://squirrels.woodlandhighschool.xyz/.git/HEAD SECURITY LEAK!
http://squirrels.woodlandhighschool.xyz/.git/packed-refs Well done.
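With that confirmed, use GitHack to clone everything down first.
But git log shows nothing at all, so the only option is to go back into .git and look for clues.
Looking through config turns up this:
[core]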
repositoryformatversion = 0
filemode = true
bare = false
logallrefupdates = true
[user]
email = squirrels@woodlandhighschool.com
name = Squirrels
[remote "fork"]
url = http://git.woodlandhighschool.xyz/squirrels
fetch = +refs/heads/*:refs/remotes/fork/*
It turns out this site is a fork; the main repo is http://git.woodlandhighschool.xyz/squirrels
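As an added example (not part of the original write-up), this Python audit parses a .git/config like the one above and lists what the file discloses when it is publicly readable. The function names and finding labels are assumptions made for this sketch, and the sample is the config from this page with git's usual tab indentation restored.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the config shown above, with git's usual tab indentation.
SAMPLE_CONFIG = """\
[core]
\trepositoryformatversion = 0
\tfilemode = true
\tbare = false
\tlogallrefupdates = true
[user]
\temail = squirrels@woodlandhighschool.com
\tname = Squirrels
[remote "fork"]
\turl = http://git.woodlandhighschool.xyz/squirrels
\tfetch = +refs/heads/*:refs/remotes/fork/*
"""

SECTION = re.compile(r'^\[\s*([A-Za-z0-9.-]+)(?:\s+"((?:[^"\\]|\\.)*)")?\s*\]$')

def parse_git_config(text):
    """Return (section, subsection, key, value) tuples; duplicate keys are kept."""
    entries, section, sub = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = SECTION.match(line)
        if m:
            section, sub = m.group(1).lower(), m.group(2)
        elif section is not None:
            key, _, value = line.partition("=")
            entries.append((section, sub, key.strip().lower(), value.strip()))
    return entries

def disclosures(text):
    """List what a publicly readable .git/config reveals to an outsider."""
    findings = []
    for section, sub, key, value in parse_git_config(text):
        if section == "user" and key in ("name", "email"):
            findings.append(("identity", f"user.{key}", value))
        elif section == "remote" and key in ("url", "pushurl"):
            parts = urlsplit(value)
            findings.append(("remote", sub, value))
            if parts.username or parts.password:
                findings.append(("credential-in-url", sub, parts.hostname))
            if parts.scheme == "http":
                findings.append(("plaintext-transport", sub, parts.hostname))
    return findings
```

Running disclosures() over the config files in a deployment tree before release shows which identities, internal hosts and embedded credentials would be exposed if the web root ever served .git.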
Opening it shows only a blank page, so run GitHack against it as well.
One commit has the description "add flag", so check it out and take a look:
cat index.html | grep tim
Flag
timctf{g1t_w1z4rd_1n_w00dl4and_h1ghsch00l}