Tags: mercurial web
The full writeup for this challenge is available at my site. The version available here has had images removed.
This challenge was part of LACTF 2023, where asmhole placed 33rd out of nearly 1,400 teams.
Author: bliutech
When I was... a young boy... I made a "My Chemical Romance" fanpage!
my-chemical-romance.lac.tf
I want to preface this with the fact that I've never heard of this band. Don't get mad at me, that's just the truth. Anyway, now that you've (hopefully) gotten past that horrifying fact, back to the challenge.
Opening up the site, it appeared to be nothing special. However, my ultra-mega-super-plus-hacker senses were tingling. I loaded up Burp Suite, proxied the site through it, hit reload, and... voila. There it was. There was an extra header, Source-Control-Management-Type: Mercurial-SCM, in the response.
Looking into Mercurial, I found that it's an SCM that has lost a lot of popularity. However, clients are still available, so I downloaded TortoiseHg and 'cloned' the website repo.
After cloning the site (ignoring SSL certificate checks), the flag was right there in the clear in the commit history.
My Chemical Romance? More like My Cloned Repository!
Flag: lactf{d0nT_6r1nk_m3rCur1al_fr0m_8_f1aSk}
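The same issue from the site owner's side, as an added example that is not part of the original writeup: a check over web access logs that separates requests for source-control metadata the server actually served from those it refused. It assumes the repository metadata sits in a `.hg/` directory under the web root (Mercurial's default location; the writeup does not name the path), and the log lines are constructed samples.

```python
import re

# Constructed access-log lines (combined log format), not taken from the challenge.
SAMPLE_LOG = """\
203.0.113.7 - - [11/Feb/2023:10:00:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "example-client/1.0"
203.0.113.7 - - [11/Feb/2023:10:00:09 +0000] "GET /.hg/requires HTTP/1.1" 200 59 "-" "example-client/1.0"
203.0.113.7 - - [11/Feb/2023:10:00:10 +0000] "GET /.hg/store/00changelog.i HTTP/1.1" 200 412 "-" "example-client/1.0"
198.51.100.4 - - [11/Feb/2023:10:02:30 +0000] "GET /.git/HEAD HTTP/1.1" 404 153 "-" "example-client/1.0"
198.51.100.4 - - [11/Feb/2023:10:02:31 +0000] "GET /static/app.css HTTP/1.1" 200 900 "-" "example-client/1.0"
"""

# Metadata directory names of common SCM tools; ".hg" is Mercurial's.
SCM_DIRS = {".hg", ".git", ".svn"}
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')


def find_scm_requests(log_text):
    """Group requests that touch SCM metadata by client, split by outcome."""
    report = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, _method, target, status = m.groups()
        path = target.split("?", 1)[0]  # ignore any query string
        if not SCM_DIRS.intersection(path.split("/")):
            continue  # no SCM metadata directory among the path segments
        entry = report.setdefault(client, {"served": [], "blocked": []})
        # A 2xx answer means the server handed out repository data.
        entry["served" if status.startswith("2") else "blocked"].append(path)
    return report


def exposed_paths(report):
    """Paths the server actually served: the ones to take out of the web root."""
    return sorted({p for e in report.values() for p in e["served"]})


if __name__ == "__main__":
    for client, entry in find_scm_requests(SAMPLE_LOG).items():
        print(client, entry)
```

Any path reported as served means the full commit history was reachable, so secrets that ever appeared in a commit should be treated as disclosed and rotated, not just deleted from the working copy.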