After a long time without creating a challenge, I finally decided to make a simple one.
This challenge is themed as a QR Code Generator, but the vulnerability is not in the QR Code itself. Below is a simple way to solve it.
Gathering Information Challenge Given
As usual, the challenge was posted in the Surabaya Hacker Link group. There was no clue at all, so we directly accessed the website. It turned out to be a QR Generator page with name and Instagram input fields.
PREFACE Just a small note when finding an exposed git repository on a website
NOTES Git is a version control system used by developers to build software collaboratively. The main function of git is to manage versions of your program source code by marking which lines and code were added or changed. Git will create a dotfiles (.git), which contains all its data including committed source code, therefore it’s better to route or restrict access to the git repository from outside. Why? Because …
Preface First of all, thanks to slashroot ctf because without slashroot ctf I might not have been able to provide these challenges through dewaweb.com. Thanks to all player who took the time to try this ‘simple’ challenge.
Notes clue “recon, tools, sign-in, submit”
This recon is very easy, actually you don’t need to use tools or scanners. There are still many websites that store important things in HTML comments.
It clearly shows info that the git repository (/.git/) was …
