This is a write-up about one of the 9447 CTF web challenge. The goal of this challenge was to recover a file from a web accessible git repository.
We are given an URL to an HTML page which suggests that the target is using git. The first thing I check is the existence of a .git folder at the root of the website.
The HTTP request returned "403 Forbidden" it means the directory exists but we can't access it.
The second step was to download the index file. The index is a binary file containing a sorted list of path names, each with permissions and the SHA1 of a blob object.
By opening the index file with an hexadecimal editor we can see there is a "token" file with the SHA1 0d2fce4623aa8cd8fcaae969c9af4c73e0b4bfe0
Reading the object file
We can download the token object file with the following url.
The last step to get the flag is to decompress the object, one simple way to do it is to use Python and zlib.
python -c "import zlib,sys;print(repr(zlib.decompress(sys.stdin.read())))" < 2fce4623aa8cd8fcaae969c9af4c73e0b4bfe0