CTFtime.org

Chandi Bot 6

by siunam / siunam

Tags: git 

Rating:

# Chandi Bot 6

- 190 Points / 117 Solves

## Background

We finally found the source code. Can you dig through find the secret?

`https://github.com/1nv8rzim/Chandi-Bot`

## Find the flag

**In this challenge, it gives us a [GitHub repository of the bot](https://github.com/1nv8rzim/Chandi-Bot)'s link:**

![](https://raw.githubusercontent.com/siunam321/CTF-Writeups/main/RITSEC-CTF-2023/images/Pasted%20image%2020230402160903.png)

Right off the bat, we see there are **14 commits** in branch "master", and **3 branches**:

![](https://raw.githubusercontent.com/siunam321/CTF-Writeups/main/RITSEC-CTF-2023/images/Pasted%20image%2020230402161006.png)

**Let's clone that repository!**
```shell
┌[siunam♥earth]-(~/ctf/RITSEC-CTF-2023/Chandi-Bot)-[2023.04.02|16:08:23(HKT)]
└> git clone https://github.com/1nv8rzim/Chandi-Bot.git
Cloning into 'Chandi-Bot'...
[...]
┌[siunam♥earth]-(~/ctf/RITSEC-CTF-2023/Chandi-Bot)-[2023.04.02|16:10:35(HKT)]
└> cd Chandi-Bot/; ls -lah
total 96K
drwxr-xr-x 8 siunam nam 4.0K Apr 2 16:10 .
drwxr-xr-x 3 siunam nam 4.0K Apr 2 16:10 ..
drwxr-xr-x 2 siunam nam 4.0K Apr 2 16:10 bot
drwxr-xr-x 5 siunam nam 4.0K Apr 2 16:10 commands
drwxr-xr-x 2 siunam nam 4.0K Apr 2 16:10 config
-rw-r--r-- 1 siunam nam 31 Apr 2 16:10 config_example.yml
drwxr-xr-x 8 siunam nam 4.0K Apr 2 16:10 .git
-rw-r--r-- 1 siunam nam 22 Apr 2 16:10 .gitignore
-rw-r--r-- 1 siunam nam 916 Apr 2 16:10 go.mod
-rw-r--r-- 1 siunam nam 47K Apr 2 16:10 go.sum
drwxr-xr-x 2 siunam nam 4.0K Apr 2 16:10 helpers
-rw-r--r-- 1 siunam nam 498 Apr 2 16:10 main.go
drwxr-xr-x 2 siunam nam 4.0K Apr 2 16:10 structs
```

Now, sometimes a version control's repository could contain some ***sensitive information in commits***, like API key, private SSH key, credentials, and other stuff like the flag.

**To view commits in Git, we can use:**
```shell
┌[siunam♥earth]-(~/ctf/RITSEC-CTF-2023/Chandi-Bot/Chandi-Bot)-[2023.04.02|16:10:41(HKT)]-[git://master ✔]
└> git log -p
commit 91520f529945a5846c54feb28f7645437ce820b2 (HEAD -> master, origin/master, origin/HEAD)
Author: Maxwell Fusco <[email protected]>
[...]
diff --git a/commands/enabled.go b/commands/enabled.go
new file mode 100644
index 0000000..21e8078
--- /dev/null
+++ b/commands/enabled.go
@@ -0,0 +1,13 @@
+package commands
[...]
```

However, there's nothing weird in master branch.

**To switch to other branch we can use:**
```shell
┌[siunam♥earth]-(~/ctf/RITSEC-CTF-2023/Chandi-Bot/Chandi-Bot)-[2023.04.02|16:14:38(HKT)]-[git://master ✔]
└> git checkout fix-packages
branch 'fix-packages' set up to track 'origin/fix-packages'.
Switched to a new branch 'fix-packages'
┌[siunam♥earth]-(~/ctf/RITSEC-CTF-2023/Chandi-Bot/Chandi-Bot)-[2023.04.02|16:14:46(HKT)]-[git://fix-packages ✔]
└>
```

**Then, view commit logs again:**
```shell
┌[siunam♥earth]-(~/ctf/RITSEC-CTF-2023/Chandi-Bot/Chandi-Bot)-[2023.04.02|16:14:46(HKT)]-[git://fix-packages ✔]
└> git log -p
[...]
diff --git a/commands/main.go b/commands/main.go
index 477d7d4..edb5dc4 100644
--- a/commands/main.go
+++ b/commands/main.go
@@ -82,6 +82,6 @@ func StartScheduledTasks() {

func StopScheduledTasks() {
if len(ScheduledEvents) > 0 {
- quit <- "RS{GIT_CHECKOUT_THIS_FLAG}"
+ quit <- "kill"
}
}
[...]
```

Boom! We found the flag!

- **Flag: `RS{GIT_CHECKOUT_THIS_FLAG}`**

## Conclusion

What we've learned:

1. Leaking Sensitive Information In Git Repository

Original writeup (https://siunam321.github.io/ctf/RITSEC-CTF-2023/Chandi-Bot/Chandi-Bot-1-6/#chandi-bot-6).

Comments