Written by G0d3l
3DSCTF2017 - Baby Geniuses
The babies are using their own communication method.
- We started with a naive interaction. The website presents a login form; it does not give any feedback using all the usual HTTP verbs.
- We analysed the headers and searched for JS (CSS, ...) files, but found nothing unusual.
- We did a directory/file discovery on the URL and it showed an exposed .git directory.
- We dumped it using a tool called GitTools.
- We recovered a file marquee.log that contains many formatted dates.
- We tried to find an encrypted message that involves the dates (practically we just guessed), but there were no interesting results except a “DKRY?T” word that we thought was “decrypt” in baby language xD.
- We manually examined the .git directory files… and we found a GitHub repo as “origin” in the config file.
- The commit dates were actually forged. So we thought it had something to do with the contributions graph.
- The flag was actually drawn in the GitHub contributions graph… (the commit dates).
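As an added illustration (not part of the original write-up), this sketch renders a list of commit dates into the 7-row, one-column-per-week grid of a contributions graph, so a pattern drawn with forged dates can be seen offline. The sample timestamps are constructed, and taking the calendar day exactly as written in each timestamp is an assumption.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample: author dates in the form `git log --format=%aI` prints.
SAMPLE_LOG = """\
2017-01-02T10:00:00-03:00
2017-01-03T10:00:00-03:00
2017-01-03T11:30:00-03:00
2017-01-04T10:00:00-03:00
2017-01-05T10:00:00-03:00
2017-01-06T10:00:00-03:00
2017-01-13T10:00:00-03:00
2017-01-20T10:00:00-03:00
"""

def commits_per_day(log_text):
    """Count commits per calendar day (assumption: day as written in the timestamp)."""
    days = Counter()
    for line in log_text.splitlines():
        line = line.strip()
        if line:
            days[datetime.fromisoformat(line).date()] += 1
    return days

def week_start(d):
    """Sunday on or before d; each graph column is one Sunday-to-Saturday week."""
    return d - timedelta(days=(d.weekday() + 1) % 7)

def render_graph(days, mark="#", blank="."):
    """Return 7 strings (Sunday..Saturday), one character per week column."""
    if not days:
        return [""] * 7
    first = week_start(min(days))
    weeks = (week_start(max(days)) - first).days // 7 + 1
    rows = []
    for dow in range(7):
        row = ""
        for w in range(weeks):
            # Counter returns 0 for days without commits, so those stay blank.
            row += mark if days[first + timedelta(days=7 * w + dow)] else blank
        rows.append(row)
    return rows

if __name__ == "__main__":
    print("\n".join(render_graph(commits_per_day(SAMPLE_LOG))))
```

With the constructed sample the grid spells an "L"; on a real repository the same grid can be fed from the author dates in its log.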
Git config file