Tags: github osint 

Rating:

# Inferno CTF 2019 – New Developer

* **Category:** OSINT
* **Points:** 50

## Challenge

> A friend of a friend of a friend who is known for leaking info was recently hired at a game company. What can you find in their GitHub profile?
>
> https://github.com/iamthedeveloper123
>
> Author: nullpxl

## Solution

Analyzing the commits of one of its projects on Github, you can find the following.

```
https://github.com/iamthedeveloper123/bash2048/commit/f6008f3d67829ad0ab19d029eec6833a196db8d8
```

It contains an interesting change.

```bash
printf "\nYou have lost, try going to https://pastebin.com/$CODE for help!. (And also for some secrets...) \033[0m\n"
```

The content of the environment variable `$CODE` can be found inside a dot file.

```
https://github.com/iamthedeveloper123/dotfiles/blob/master/.bashrc2#L83
```

The value is the following.

```bash
export CODE="trpNwEPT"
```

So connecting to `https://pastebin.com/trpNwEPT` will give you the flag.

```
infernoCTF{n3ver_4dd_sen5itv3_7hings_to_y0ur_publ1c_git}
```