Commit & Order: Version Control Unit
Writeup for Commit & Order - Version Control Unit (Web) - CTF@CIT CTF (2025) π
Description
In software development, the repository is represented by two separate yet equally important branches...
Solution
Another PHP login page. Test for SQLi again, thankfully not a repeat of the first challenge π
Description hints at git, so we can check http://23.179.17.40:58002/.git/
It returns a Forbidden page, meaning that it exists but we cant access it. Time to check out the git-dumper tool! It takes the URL and directory to dump to.
git-dumper http://23.179.17.40:58002/.git/ .It downloads the git repo, now we can check the log.
git log
commit 7c8c6a8e434cb23aa9c9dac0ce715e928016849a (HEAD -> master)
Author: webmaster <[email protected]b>
Date: Fri Apr 18 12:39:59 2025 -0400
I think we're good for now
commit 9b8bf13600c17ba7cbbc9ac7dcffaebd36b16b36
Author: webmaster <[email protected]>
Date: Fri Apr 18 12:39:06 2025 -0400
changed it again
commit 68f8fcdbebcca3c8fda1e91fcb842992d09a41d4
Author: webmaster <[email protected]>
Date: Fri Apr 18 12:34:30 2025 -0400
putting chatgpt to work
commit 247b12483ba3a6a8d177fdd9d74416a01eb61512
Author: webmaster <[email protected]>
Date: Fri Apr 18 12:30:08 2025 -0400
updated some more
commit ca9517713391aca6f5073758effa47c33d3be6b4
Author: webmaster <[email protected]>
Date: Fri Apr 18 12:26:52 2025 -0400
updated admin page
commit 0e775315a623ed96d9b0b53e6ffb69dd06b93902
Author: webmaster <[email protected]>
Date: Fri Apr 18 12:18:13 2025 -0400
first commitHmmm "putting chatgpt to work"? Sounds like somebody has been vibe coding! Let's do a diff.
Looks like a base64 encoded message, let's decode.
Flag: CIT{5d81f7743f4bc2ab}
Last updated