Git Gud

Files

Opening the site we see a plain directory listing, and straight away there it is, flag.txt!

Screenshot of directory listing

Sadly the file just has a fake flag inside, so time to move on to the next lowest hanging fruit, the files directory. Let's use wget to download a few and see what we have:

wget -l 1 -r http://puzzler7.imaginaryctf.org:1337/files/
--2021-10-11 18:03:42--  http://puzzler7.imaginaryctf.org:1337/files/
Resolving puzzler7.imaginaryctf.org (puzzler7.imaginaryctf.org)... 67.159.89.33
Connecting to puzzler7.imaginaryctf.org (puzzler7.imaginaryctf.org)|67.159.89.33|:1337... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified
Saving to: ‘puzzler7.imaginaryctf.org:1337/files/index.html’

puzzler7.imaginaryctf.org:1337/files/index.html                     [ <=> ]   2.92K  --.-KB/s    in 0s      

2021-10-11 18:03:42 (533 MB/s) - ‘puzzler7.imaginaryctf.org:1337/files/index.html’ saved [2987]

**snip**

--2021-10-11 18:03:54--  http://puzzler7.imaginaryctf.org:1337/files//ZX8OSG
Connecting to puzzler7.imaginaryctf.org (puzzler7.imaginaryctf.org)|67.159.89.33|:1337... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified
Saving to: ‘puzzler7.imaginaryctf.org:1337/files/ZX8OSG’

puzzler7.imaginaryctf.org:1337/files/ZX8OSG                         [ <=> ]      64  --.-KB/s    in 0s      

2021-10-11 18:03:54 (11.9 MB/s) - ‘puzzler7.imaginaryctf.org:1337/files/ZX8OSG’ saved [64]

FINISHED --2021-10-11 18:03:54--
Total wall clock time: 12s
Downloaded: 62 files, 37K in 0.01s (3.66 MB/s)

There are a LOT of files in there (62 mixed files and directories just in the files directory), but none of them contain a (real) flag. A quick look at the Dockerfile and generate.py shows us where they came from, and that there's nothing of interest in there for us.

Git

Turning our attention to the challenge title, what if this directory is actually a git repository? Navigating to http://puzzler7.imaginaryctf.org:1337/.git confirms this idea, so time to return to wget to download the directory: wget -r http://puzzler7.imaginaryctf.org:1337/.git.

Now that we have the repository locally we can use normal git commands to explore the history, starting with git log. We see a commit with the message replaced the flag with a fake one so let's aim to return the repository to just before that commit was made. First we have to git stash to fix the current broken local state, then we can run git checkout 526855ad69f194cb1b223b339dc80277f6059bf9. Finally all that's left to do now is open the flag file: ictf{with_.git_the_timeline_can_be_anything_you_want_it_to_be}.