Description: Help me get back my flag!
After visiting the link above, we get a login page. We can log in using admin/admin, but unfortunately the flag is deleted.
Then I started searching the website for any other information, but with no success. The admin of the challenge (Tr'GFx) said that bruteforcing directories is enough to solve the challenge, so I used dirsearch.py to search for directories.
Using dirsearch I found /.bzr/README, which means there is a Bazaar repository on the website. Bazaar is a version control system that helps you track project history over time and to collaborate easily with others.
We can now use the bzr branch utility to clone the remote repository.
bzr branch -Ossl.cert_reqs=none https://web8.ctfsecurinets.com/
For cloning a bzr repository, use bzr branch and not bzr clone.
After cloning the repo, we can see the log by executing
We can see that the flag was deleted in the revision number 2, so let’s revert back to rev 1.
We use the command bzr revert -r1 to revert back to revision 1.
Now we can see the file flag.php, which has the flag in it.
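
From the defender's side, both steps above leave traces in the web server's access log: the directory bruteforce shows up as a burst of 404s from one client, and the repository download shows up as 2xx responses under /.bzr/. The following is an added example, not part of the original write-up or the challenge; the log lines are constructed samples in combined log format, and the function name and the min_404 threshold are assumptions.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import unquote, urlsplit

# Constructed sample access-log lines (combined log format), not from the challenge server.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /admin/ HTTP/1.1" 404 162 "-" "scanner"
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /backup/ HTTP/1.1" 404 162 "-" "scanner"
203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /.git/HEAD HTTP/1.1" 404 162 "-" "scanner"
203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /.bzr/README HTTP/1.1" 200 147 "-" "scanner"
203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET /.bzr/branch-format HTTP/1.1" 200 35 "-" "client"
198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "GET /index.php HTTP/1.1" 200 900 "-" "browser"
198.51.100.4 - - [01/Jan/2024:10:01:05 +0000] "GET /favicon.ico HTTP/1.1" 404 162 "-" "browser"
"""

# client IP, request target, status code
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')
# A path component that is a version-control metadata directory.
VCS_DIR = re.compile(r'(?:^|/)\.(?:bzr|git|hg|svn)(?:/|$)', re.I)

def analyze(log_text, min_404=3):
    """Return (exposed, scanners).

    exposed:  {path: {client IPs}} for VCS metadata paths answered with 2xx,
              i.e. the repository is actually downloadable and must be blocked.
    scanners: sorted client IPs with at least min_404 404 responses.
    """
    exposed = defaultdict(set)
    not_found = Counter()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, target, status = m.group(1), m.group(2), int(m.group(3))
        # Decode percent-encoding so /%2Ebzr/ is treated like /.bzr/
        path = unquote(urlsplit(target).path)
        if status == 404:
            not_found[ip] += 1
        elif 200 <= status < 300 and VCS_DIR.search(path):
            exposed[path].add(ip)
    scanners = sorted(ip for ip, n in not_found.items() if n >= min_404)
    return dict(exposed), scanners

if __name__ == "__main__":
    exposed, scanners = analyze(SAMPLE_LOG)
    for path, ips in sorted(exposed.items()):
        print(f"SERVED {path} to {', '.join(sorted(ips))}")
    for ip in scanners:
        print(f"404 burst from {ip}")
```

Any entry in the exposed result means the metadata directory is being served and should be removed from the document root or denied in the server configuration; a deleted secret that was ever committed stays recoverable from history and should be rotated.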