Tags: misc git 

Rating:

# Docs Writeup

EkoParty CTF 2020 Git 2

## Prompt

Exact prompt has been forgotten. Linked to [this GitHub repo](ekolabs.tar.gz)

## Solution

As I mentioned in the writeup for [leak](../leak), I was in a very `github`by mindset when I started this challenge. For that reason, I solved this challenge first.

A quick inspection of the repo shows that it features an accidentally committed SSH private key and matching public key. I copied the text of these out of the commit log, and into [chall](chall) and [chall.pub](chall.pub). Now I have ssh access, however what to?

The next part of this challenge involves the git actions for the repo, in `.github/workflows/`. In there we get an `issue-bouncer.yml` and corresponding `issue-bouncer.py`. Reading through these two, we notice something useful:

```yml
DST_REPO: 'ekoparty2020/ekoparty-internal'
```

The python script essentially moves an issue to that `DST_REPO`, so I figured why not try to clone it?

```bash
eval `ssh-agent` && ssh-add chall && git clone [email protected]:ekoparty2020/ekoparty-internal.git
```
> Note: I had to modify permissions on the private key `chall` to get this to work.

This clones [the internal repo](ekoparty-internal.tar.gz), which conveniently features our flag in the root `README.md`

```
EKO{1ca688c86b0548d8f26675d85dd77d73c573ebb6}
```

~ Lyell Read

Original writeup (https://github.com/lyellread/ctf-writeups/blob/master/2020-ekoparty/docs/README.md).