Challenge Description
Another challenge about version control using Git. This time, as the description mentions, it’s about commits made by someone.
To begin, download the file using wget and unzip it. Unzipping the challenge.zip file will extract many git files and directories, which will all be stored in a directory called drop-in.
Understanding what we have
We cd into the drop-in directory. Running ls shows that there’s one file called message.py. However, it only contains 1 line of code which is not useful in our quest for the flag.
Why was the
.gitfolder not shown when I ranls?Worry not, it’s still there!
The
.gitfolder is hidden by default due to this folder storing important git related information (Rashid, 2022).
I then ran git branch -a to check if there are more than 1 branch in this git repository. Thankfully there was only 1 branch named “master”. This simplifies our task as we don’t have to check the commits made in different branches.
Finding the author
PicoCTF Hint: In collaborative projects, many users can make many changes. How can you see the changes within one file?
Looks like we only have to check the commits within one file. We can do this by running
git log <file-name>.This actually makes our task much easier. In a separate terminal, I actually ran
git logto display the entire commit history in thisgitrepository, and received an overwhelming output, as shown below.
I ran git log message.py, as this was the only file that I knew existed in this repository. Doing this revealed the flag.
Alternative solution
Alternatively, I figured that we can technically run git log | grep "Author", especially since we know from the challenge description that our motive is to find the name of someone in the commit history who messed up the program.
In git logs, the name of the person who made the commit is known as the “Author”. That is why we pipe the content through grep with the search term being “Author” to find our flag.
Flag
picoCTF{@sk_th3_1nt3rn_b64c4705}
References
- Rashid, I. (2022, January 30). .git folder not visible | Cloud Build. Cloud Build. https://cloudbuild.co.uk/tag/git-folder-not-visible/#:~:text=git%20folder%20is%20created%20within,view%20and%20selecting%20hidden%20items.