Bluhens CTF-2024

Web Challenges

Last updated 6 months ago

Web Intro:

The challenge index page states that the developer learned from Solar Flare to use version control.

Taking the mention of version control as a hint, I decided to check this challenge for a .git leak.

/.git returns 403 Forbidden
/.git/HEAD

This confirms that the application's default git branch is master.

Next, checking for the git logs:

/.git/logs

Again, the application returns a 403 Forbidden error.

Checking the HEAD file:

The application returns the commit ID along with the commit comments.

Locating the /.git/ directory.

Extracting the commit.

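// Client-side login check from the extracted commit.
// md5(), jQuery ($) and `form` are not defined in this snippet.
let password = document.getElementById("password").value;
if (md5(password) == "1c63129ae9db9c60c3e8aa94d3e00495") {
    // You logged in!
    document.getElementById("page").innerHTML = "You ARE logged in... fetching flag";
    form.classList.add('hide');
    // The plaintext password is sent to flagme.php as a GET parameter.
    $.ajax({
        method: "get", url: "flagme.php", data: {"password": password}, success: function(data) {
            $("#page").html(data);
        }
    });
}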

Crack the MD5 hash of the password: 1c63129ae9db9c60c3e8aa94d3e00495

$.ajax({
    method: "get", url: "flagme.php", data: {"password": password}, success: function(data) {
        $("#page").html(data);
    }
});
/flagme.php?password=lqaz2wsx
Flag : udctf{00ph_g1t_b4s3d_l34ks?}
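
An added example (not from the original writeup or the challenge): a Python audit a site owner can run over responses collected from their own server, showing why the 403 on /.git and /.git/logs above does not mean the files beneath are protected. The function name, the /.git/logs/HEAD path and the sample responses are assumptions constructed for illustration; the HEAD and reflog line formats are git's own.

```python
import re

# Content signatures for files under .git/ (see gitrepository-layout).
HEAD_RE = re.compile(r"^(ref: refs/heads/(?P<branch>\S+)|(?P<sha>[0-9a-f]{40}))\s*$")
REFLOG_RE = re.compile(
    r"^(?P<old>[0-9a-f]{40}) (?P<new>[0-9a-f]{40}) (?P<who>.*) "
    r"(?P<ts>\d+) (?P<tz>[+-]\d{4})\t(?P<msg>.*)$"
)

def audit_git_exposure(responses):
    """responses: {path: (http_status, body)} collected from your own site.
    Returns what a visitor can learn from the .git files that are served."""
    report = {"exposed": False, "branch": None, "commits": [], "blocked": []}
    for path, (status, body) in responses.items():
        if status != 200:
            # A 403 on a directory says nothing about the files inside it.
            report["blocked"].append(path)
            continue
        if path.endswith("/.git/HEAD"):
            m = HEAD_RE.match(body)  # rejects soft-404 HTML served with 200
            if m:
                report["exposed"] = True
                report["branch"] = m.group("branch")
        elif path.endswith("/.git/logs/HEAD"):
            for line in body.splitlines():
                m = REFLOG_RE.match(line)
                if m:
                    report["exposed"] = True
                    report["commits"].append((m.group("new"), m.group("msg")))
    return report

# Constructed sample mirroring the behaviour in the writeup (not challenge data).
SAMPLE = {
    "/.git": (403, "Forbidden"),
    "/.git/logs": (403, "Forbidden"),
    "/.git/HEAD": (200, "ref: refs/heads/master\n"),
    "/.git/logs/HEAD": (200,
        "0" * 40 + " " + "a" * 40
        + " Dev <dev@example.test> 1700000000 +0000\tcommit (initial): add login\n"
        + "a" * 40 + " " + "b" * 40
        + " Dev <dev@example.test> 1700000100 +0000\tcommit: remove password check\n"),
}

if __name__ == "__main__":
    print(audit_git_exposure(SAMPLE))
```

Any `exposed` result means the web server should deny everything under /.git (not just directory listings) and any secret that ever appeared in a commit should be rotated.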

DNS:

The application provides the flag only if your dig query comes from 127.0.0.1.

Flag : UDCTF{sp00fing_5ucc3ss_127_0_0_1_f728bf}

Checking the layout of the git repository.

Using a tool to clone the files locally.

ref:

https://git-scm.com/docs/gitrepository-layout
Git-dumper
https://git-scm.com/docs