Author: Yadhu Krishna
Analysis
Upon opening the challenge, we are greeted with a login page and the credentials are not given. However, the given hint leads us to directory at .
Exploiting
Now we have a fully accessible directory. The exposed directory can be recursively cloned using
This command clones all the files in the .git directory to local computer. This cloned directory is a valid git directory and contains all the information about commits, history, remote repository address, etc.
Upon checking the status of the repository using command, we find that has been deleted. The deleted file can be restored with command.
We can now find the username from , however, the password appears to be hashed.
Upon checking the commit history with command, we find there are 3 commits.
We see that there is a commit with ID that mentions about a security issue that was fixed.
We can revert back to the first commit using command. (Note that the ID given is that of the first commit.)
Now let us check the source code of . This gives us the username and password of the application.
Upon logging in with these credentials, we get the flag.