Introduction
This box is a pretty easy one, kind of a regular CTF box. This box has got something new to learn for those who are not familiar with git tools (https://github.com/internetwache/GitTools).
Tools to be used while solving the machine:
1. Nmap
2. Git Tools (by internetwache)
Scanning
Initial Nmap scan for ports and services running on open ports gives “port 80” open with its default HTTP service.
“nmap -v -sV -sC <machine-ip>”
Scanning concludes with an open port i.e. port 80 and we found a publicly available git repository.
Enumeration
Lets have a look on what do we have on web page out there.
Web page lands up on a login screen. further more git repository is one more curious thing to have a look on as the name suggests git happens. And more over it looks like this repository would be our last destination to capture the flag.
Download git repository using git tools. link to download git tools is given above.
sudo ./dumper.sh http://<machine-ip>/.git/ git_files
Capture the Flag
looking through all commit logs and all uploaded files. We found something interesting on initial commit.
Have a look here we found password and login.
login using the credentials and boon we got the flag
