
Want to run this Docker container locally?
docker run -d --name ctf-flag-7 --restart always -p 9007:80 joshbeck2024/ctf-phar-out-flag-7
IP Address: 172.25.200.200:9007
This flag is based on the IppSec video UpDown.
(Highly suggested you stop here and watch it!)
This site will require basic enumeration with something like FFUF.
- Use the raft-small-words.txt wordlist.
- Fuzz the website with a tool like FFUF; first you'll find a folder called backup.
- Fuzzing inside backup, you'll then discover a .git folder (Status 301).
Now that we know we have a .git folder, we can use a program called git-dumper to see what’s in there and possibly look at the source code underlying the website.
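Before pulling the repo, it helps to be precise about what "a .git folder is exposed" means and how you would audit your own document root for it. The script below is an added example, not part of the original write-up or of git-dumper: it walks a (constructed, throwaway) docroot laid out like the one in this flag, reports any version-control metadata directories a web server would happily serve, and classifies what a probe of a .git path returned. The helper names and the sample responses are assumptions made for the example.

```python
"""Audit helper (added example, not part of the original write-up):
find version-control metadata directories under a web document root,
and classify the response a probe of <path>/.git/HEAD came back with.
The temporary docroot and the sample responses are constructed."""
import os
import re
import tempfile

VCS_DIRS = {".git", ".svn", ".hg"}  # metadata dirs that should never be web-served
SHA_RE = re.compile(r"^[0-9a-f]{40}\s*$")  # detached HEAD: a bare SHA-1


def find_exposed_vcs_dirs(docroot):
    """Walk docroot and return the web paths of any VCS metadata directories.
    A hit such as '/backup/.git' means the repository can be reconstructed
    file by file by anyone who can fetch URLs, which is what git-dumper does."""
    hits = []
    for root, dirs, _files in os.walk(docroot):
        for d in list(dirs):
            if d in VCS_DIRS:
                rel = os.path.relpath(os.path.join(root, d), docroot)
                hits.append("/" + rel.replace(os.sep, "/"))
                dirs.remove(d)  # no need to descend into the repo itself
    return sorted(hits)


def classify_git_probe(status, body):
    """Classify the response to GET <path>/.git/HEAD (or the .git dir itself).
    'exposed'  : HEAD content was served, so the repo can be fetched piecemeal
    'listing'  : server redirected for the directory (the 301 the fuzzing shows),
                 so the files beneath it are worth checking
    'blocked'  : server denied or hid the path"""
    if status == 200 and (body.startswith("ref: refs/") or SHA_RE.match(body)):
        return "exposed"
    if status in (301, 302):
        return "listing"
    return "blocked"


def demo():
    """Build a throwaway docroot mirroring this flag's layout and audit it."""
    with tempfile.TemporaryDirectory() as docroot:
        os.makedirs(os.path.join(docroot, "backup", ".git", "refs", "heads"))
        with open(os.path.join(docroot, "backup", ".git", "HEAD"), "w") as fh:
            fh.write("ref: refs/heads/main\n")
        with open(os.path.join(docroot, "index.html"), "w") as fh:
            fh.write("<html></html>")
        return find_exposed_vcs_dirs(docroot)


if __name__ == "__main__":
    print(demo())                                              # ['/backup/.git']
    print(classify_git_probe(200, "ref: refs/heads/main\n"))  # exposed
    print(classify_git_probe(301, ""))                         # listing
    print(classify_git_probe(403, "Forbidden"))                # blocked
```

Run it against a real docroot by calling find_exposed_vcs_dirs("/var/www/html") (path is an example); the fix on the server side is to keep the repository out of the docroot entirely, or to deny the .git path at the web server, rather than to rely on nobody guessing the folder name.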
A pip install will get the job done on Kali. The GitHub repo is here.
python3 -m venv venv
source venv/bin/activate
pip3 install git-dumper
Now let's see if we can pull in something useful.
mkdir website
git-dumper http://172.25.200.200:9007/backup/.git website
Let’s see what’s inside.
cd website
ls
cat index.html

It appears we have a webpage that contains an upload form telling us we can upload gif, jpg, and png files. However, there don't seem to be any checks for admin access, which prevents us from viewing the form.
Let’s check the git log.
git log
Let’s ‘checkout’ that commit and see what’s up with those headers.