0xL4ugh CTF 2024 - GitMeow
Description
Category: Misc
Just another annoying git challenge :)
Author: zAbuQasem
nc 172.190.120.133 50001
Attachment:
1. Overview
The goal of this challenge is to get the flag using only git CLI tools.
However, there is a fake flag, and we have to avoid printing it; otherwise the server will not return the output:
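import os

def execute_git_commands(commands):
    for command in commands:
        # Run the command through a shell and capture everything it prints
        output = os.popen(command).read()
        # Suppress the output only if the full fake-flag marker appears in it
        if "{f4k3_fl4g_f0r_n00b5}" in output:
            print(monkey)  # monkey is not shown in this excerpt
            exit(1337)
        else:
            print(output)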
2. Find the right tool
List of git tools: https://git-scm.com/docs
We found a tool that works like grep: https://git-scm.com/docs/git-grep
We will use some useful parameters to get the flag:
--untracked: read any file (useful for reading outside the git repository directory);
-o: print match only (avoid printing the entire fake flag);
-r: recursively scan;
-E: extended regex, to use .+ (at least one of any character until end of line), useful to get the entire real flag without knowing its length.
3. Get the flag
First we need to find a part of the real flag. To avoid being blocked, we print only a part of each flag with: grep --untracked -o -r -E 0xL4ugh.... /
_____ _ _ ___ ___
| __ (_) | | \/ |
| | \/_| |_| . . | ___ _____ __
| | __| | __| |\/| |/ _ \/ _ \ \ /\ / /
| |_\ \ | |_| | | | __/ (_) \ V V /
\____/_|\__\_| |_/\___|\___/ \_/\_/
[+] Welcome challenger to the epic GIT Madness, can you read /flag.txt?
Enter git commands (Enter an empty line to end):
grep --untracked -o -r -E 0xL4ugh.... /
../../flag.txt:0xL4ugh{GiT
...
Now that we know the real flag starts with 0xL4ugh{GiT, we can print the entire real flag: grep --untracked -o -r -E 0xL4ugh.GiT.+ /
_____ _ _ ___ ___
| __ (_) | | \/ |
| | \/_| |_| . . | ___ _____ __
| | __| | __| |\/| |/ _ \/ _ \ \ /\ / /
| |_\ \ | |_| | | | __/ (_) \ V V /
\____/_|\__\_| |_/\___|\___/ \_/\_/
[+] Welcome challenger to the epic GIT Madness, can you read /flag.txt?
Enter git commands (Enter an empty line to end):
grep --untracked -o -r -E 0xL4ugh.GiT.+ /
../../flag.txt:0xL4ugh{GiT_D0c3_F0r_Th3_WiN}
Flag: 0xL4ugh{GiT_D0c3_F0r_Th3_WiN}
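Why the output check fails, and what a request-side check looks like, as an added example (not code from the challenge or its author). The file contents, the placeholder flag, and the names grep_only_matching, validate, ALLOWED_SUBCOMMANDS and ALLOWED_OPTIONS are assumptions made for illustration; the match-only search is simulated with Python's re module rather than by running git.

```python
import re
import shlex

FAKE_FLAG = "{f4k3_fl4g_f0r_n00b5}"  # marker string checked by the challenge code

# Constructed sample files; the second flag value is a placeholder.
FILES = {
    "repo/decoy.txt": "0xL4ugh{f4k3_fl4g_f0r_n00b5}",
    "flag.txt": "0xL4ugh{c0nstruct3d_s4mple}",
}

def grep_only_matching(pattern):
    """Mimic `grep -o -r -E`: emit path:match per match, never whole lines."""
    hits = []
    for path, text in FILES.items():
        for line in text.splitlines():
            hits += [f"{path}:{m.group(0)}" for m in re.finditer(pattern, line)]
    return "\n".join(hits)

def output_filter_blocks(output):
    """Same test as the challenge: block only if the full marker is printed."""
    return FAKE_FLAG in output

# Hypothetical hardened front end: validate the request instead of the response.
ALLOWED_SUBCOMMANDS = {"status", "log", "branch"}  # assumed read-only set
ALLOWED_OPTIONS = {"--oneline", "--short"}         # assumed harmless options

def validate(command_line):
    """Return argv for subprocess.run(argv, shell=False), or raise ValueError."""
    argv = shlex.split(command_line)
    if not argv or argv[0] not in ALLOWED_SUBCOMMANDS:
        raise ValueError("subcommand not allowed")
    for arg in argv[1:]:
        if arg.startswith("-") and arg not in ALLOWED_OPTIONS:
            raise ValueError("option not allowed")
        if arg.startswith("/") or ".." in arg.split("/"):
            raise ValueError("path outside repository")
    return ["git", *argv]

if __name__ == "__main__":
    for pattern in (r"0xL4ugh....", r"0xL4ugh.+", r"0xL4ugh.c0n.+"):
        out = grep_only_matching(pattern)
        print(pattern, "blocked" if output_filter_blocks(out) else "passes filter")
    try:
        validate("grep --untracked -o -r -E 0xL4ugh.... /")
    except ValueError as err:
        print("rejected:", err)
```

A denylist on the response only catches output that contains the exact marker, so any command that prints a fragment passes; an allowlist on the request rejects the command before it runs.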