diff --git a/flagisnowhidden/Dockerfile b/flagisnowhidden/Dockerfile new file mode 100644 index 0000000..5132925 --- /dev/null +++ b/flagisnowhidden/Dockerfile @@ -0,0 +1,4 @@ +FROM nginx + +COPY ./conf/nginx.conf /etc/nginx/nginx.conf +COPY ./conf/html /usr/share/nginx/html diff --git a/flagisnowhidden/README.md b/flagisnowhidden/README.md new file mode 100644 index 0000000..b844e07 --- /dev/null +++ b/flagisnowhidden/README.md @@ -0,0 +1,7 @@ +# flagisnowhidden +## Text +I removed the flag from the website. Good luck finding it back. +## Files +n/a +## How to Deploy +docker compose \ No newline at end of file diff --git a/flagisnowhidden/SOLUTION.md b/flagisnowhidden/SOLUTION.md new file mode 100644 index 0000000..02ceb59 --- /dev/null +++ b/flagisnowhidden/SOLUTION.md @@ -0,0 +1,12 @@ +## Difficulty +?? +## Category +Web +## How To Solve +Observe that the `.git` folder is leaking at `/.git/`. Copy this folder to your local machine using `wget -nH --mirror .git /.git/`. Use `git log` to show the commit history. You can see that one of the commit messages is "hide flag". Using `git show` with the `commit ID` will reveal the flag. +``` +-

IGCTF{n3ever_3xp0se_fl4gs_1n_g1t}

++

REMOVED

+``` +## Flag +`IGCTF{n3ever_3xp0se_fl4gs_1n_g1t}` \ No newline at end of file diff --git a/flagisnowhidden/conf/html/git/COMMIT_EDITMSG b/flagisnowhidden/conf/html/git/COMMIT_EDITMSG new file mode 100644 index 0000000..90da051 --- /dev/null +++ b/flagisnowhidden/conf/html/git/COMMIT_EDITMSG @@ -0,0 +1 @@ +hide flag diff --git a/flagisnowhidden/conf/html/git/FETCH_HEAD b/flagisnowhidden/conf/html/git/FETCH_HEAD new file mode 100644 index 0000000..e69de29 diff --git a/flagisnowhidden/conf/html/git/HEAD b/flagisnowhidden/conf/html/git/HEAD new file mode 100644 index 0000000..b870d82 --- /dev/null +++ b/flagisnowhidden/conf/html/git/HEAD @@ -0,0 +1 @@ +ref: refs/heads/main diff --git a/flagisnowhidden/conf/html/git/config b/flagisnowhidden/conf/html/git/config new file mode 100644 index 0000000..6c9406b --- /dev/null +++ b/flagisnowhidden/conf/html/git/config @@ -0,0 +1,7 @@ +[core] + repositoryformatversion = 0 + filemode = true + bare = false + logallrefupdates = true + ignorecase = true + precomposeunicode = true diff --git a/flagisnowhidden/conf/html/git/hooks/post-commit b/flagisnowhidden/conf/html/git/hooks/post-commit new file mode 100755 index 0000000..fe5c32d --- /dev/null +++ b/flagisnowhidden/conf/html/git/hooks/post-commit @@ -0,0 +1,9 @@ +#!/bin/sh +### git-stats hook (begin) ### +# Copy last commit hash to clipboard on commit +commit_hash=$(git rev-parse HEAD) +repo_url=$(git config --get remote.origin.url) +commit_date=$(git log -1 --format=%cd) +commit_data="\"{ \"date\": \"$commit_date\", \"url\": \"$repo_url\", \"hash\": \"$commit_hash\" }\"" +git-stats --record "${commit_data}" +### git-stats hook (end) ### \ No newline at end of file diff --git a/flagisnowhidden/conf/html/git/index b/flagisnowhidden/conf/html/git/index new file mode 100644 index 0000000..3e2ffa3 Binary files /dev/null and b/flagisnowhidden/conf/html/git/index differ diff --git a/flagisnowhidden/conf/html/git/logs/HEAD b/flagisnowhidden/conf/html/git/logs/HEAD new file mode 100644 index 0000000..a3eb1b7 --- /dev/null +++ b/flagisnowhidden/conf/html/git/logs/HEAD @@ -0,0 +1,2 @@ +0000000000000000000000000000000000000000 071c93c131195760e3c933a31a6d56c6bf7b8313 Abel Stuker 1730538294 +0100 commit (initial): expose flag +071c93c131195760e3c933a31a6d56c6bf7b8313 2d87e51eefa6f195126294dbaca315f6534c713e Abel Stuker 1730538489 +0100 commit: hide flag diff --git a/flagisnowhidden/conf/html/git/logs/refs/heads/main b/flagisnowhidden/conf/html/git/logs/refs/heads/main new file mode 100644 index 0000000..a3eb1b7 --- /dev/null +++ b/flagisnowhidden/conf/html/git/logs/refs/heads/main @@ -0,0 +1,2 @@ +0000000000000000000000000000000000000000 071c93c131195760e3c933a31a6d56c6bf7b8313 Abel Stuker 1730538294 +0100 commit (initial): expose flag +071c93c131195760e3c933a31a6d56c6bf7b8313 2d87e51eefa6f195126294dbaca315f6534c713e Abel Stuker 1730538489 +0100 commit: hide flag diff --git a/flagisnowhidden/conf/html/git/objects/07/1c93c131195760e3c933a31a6d56c6bf7b8313 b/flagisnowhidden/conf/html/git/objects/07/1c93c131195760e3c933a31a6d56c6bf7b8313 new file mode 100644 index 0000000..076fa5b --- /dev/null +++ b/flagisnowhidden/conf/html/git/objects/07/1c93c131195760e3c933a31a6d56c6bf7b8313 @@ -0,0 +1,2 @@ +x[ +0E*_ɻ]+I-&)|Krn䄧ޘ!Z0&юLh,0 :6xǛ\PК/HI(Ű㳏Zg;Cʴ/f^;J \ No newline at end of file diff --git a/flagisnowhidden/conf/html/git/objects/2d/87e51eefa6f195126294dbaca315f6534c713e b/flagisnowhidden/conf/html/git/objects/2d/87e51eefa6f195126294dbaca315f6534c713e new file mode 100644 index 0000000..26a0836 Binary files /dev/null and b/flagisnowhidden/conf/html/git/objects/2d/87e51eefa6f195126294dbaca315f6534c713e differ diff --git a/flagisnowhidden/conf/html/git/objects/55/f77c8554ccb3f085cca10c3375044b31b79b64 b/flagisnowhidden/conf/html/git/objects/55/f77c8554ccb3f085cca10c3375044b31b79b64 new file mode 100644 index 0000000..6d4a462 Binary files /dev/null and b/flagisnowhidden/conf/html/git/objects/55/f77c8554ccb3f085cca10c3375044b31b79b64 differ diff --git a/flagisnowhidden/conf/html/git/objects/b7/2e4103ebd123ed01b1a0dc4b04ef4af6b05a57 b/flagisnowhidden/conf/html/git/objects/b7/2e4103ebd123ed01b1a0dc4b04ef4af6b05a57 new file mode 100644 index 0000000..c0187c3 Binary files /dev/null and b/flagisnowhidden/conf/html/git/objects/b7/2e4103ebd123ed01b1a0dc4b04ef4af6b05a57 differ diff --git a/flagisnowhidden/conf/html/git/objects/c5/7b0b79a86f6436af1fab67c26cc4502bab6e4a b/flagisnowhidden/conf/html/git/objects/c5/7b0b79a86f6436af1fab67c26cc4502bab6e4a new file mode 100644 index 0000000..4dec136 Binary files /dev/null and b/flagisnowhidden/conf/html/git/objects/c5/7b0b79a86f6436af1fab67c26cc4502bab6e4a differ diff --git a/flagisnowhidden/conf/html/git/objects/e1/c12e0166ac4c86fcef61b9efd52e77e58e1eeb b/flagisnowhidden/conf/html/git/objects/e1/c12e0166ac4c86fcef61b9efd52e77e58e1eeb new file mode 100644 index 0000000..d6ee64e Binary files /dev/null and b/flagisnowhidden/conf/html/git/objects/e1/c12e0166ac4c86fcef61b9efd52e77e58e1eeb differ diff --git a/flagisnowhidden/conf/html/git/refs/heads/main b/flagisnowhidden/conf/html/git/refs/heads/main new file mode 100644 index 0000000..895fd8f --- /dev/null +++ b/flagisnowhidden/conf/html/git/refs/heads/main @@ -0,0 +1 @@ +2d87e51eefa6f195126294dbaca315f6534c713e diff --git a/flagisnowhidden/conf/html/index.html b/flagisnowhidden/conf/html/index.html new file mode 100644 index 0000000..7434965 --- /dev/null +++ b/flagisnowhidden/conf/html/index.html @@ -0,0 +1,8 @@ + +

Welcome to my super awesome website

+ + + +

Here is the flag:

+

REMOVED

+ diff --git a/flagisnowhidden/conf/nginx.conf b/flagisnowhidden/conf/nginx.conf new file mode 100644 index 0000000..2de90cf --- /dev/null +++ b/flagisnowhidden/conf/nginx.conf @@ -0,0 +1,35 @@ + +user nginx; +worker_processes 1; + +pid /var/run/nginx.pid; + + +events { + worker_connections 1024; +} + + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + index index.html; + + server { + listen 80; + root /usr/share/nginx/html; + + location /.git/ { + alias /usr/share/nginx/html/git/; + autoindex on; + } + } + +} diff --git a/flagisnowhidden/docker-compose.yaml b/flagisnowhidden/docker-compose.yaml new file mode 100644 index 0000000..4b38466 --- /dev/null +++ b/flagisnowhidden/docker-compose.yaml @@ -0,0 +1,9 @@ +services: + flagisnowhidden: + build: + context: . + volumes: + - ./conf/nginx.conf:/etc/nginx/nginx.conf:ro + - ./conf/html:/usr/share/nginx/html:ro + ports: + - "2000:80"