LA CTF 2024 — my poor git

My poor git server! I think someone took a hammer to the server and ruined a few of the files!

The git repo is available at /flag.git

poor-git.chall.lac.tf

We're given a git server with repo at /flag.git. Fetching /flag.git/HEAD, we get

ref: refs/heads/main

Unfortunately, just trying naively to clone the repository gives an error:

PS C:\Users\kevin\Downloads> git clone https://poor-git.chall.lac.tf/flag.git
Cloning into 'flag'...
remote: error: Could not read b061db539557e1bb4dbcffd936a2d1412eeb1f66
remote: fatal: Failed to traverse parents of commit c2e6e9737a8a666667b27c3a1dc84a76c8f4dab3
remote: aborting due to possible repository corruption on the remote side.
fatal: protocol error: bad pack header

— it looks like these "ruined files" have corrupted parts of the commit tree.

Instead, a big hint lies in the description of the follow-up challenge, "my smart git":

Apparently my poor git server didn't like being called "dumb", so it disabled its dumb capabilities.

Looking it up, it appears that the "dumb" and "smart" protocols are protocols used by Git servers to transfer data between repositories. Following this, we can instead look at /flag.git/info/refs to get the SHA-1 hash of the latest commit on main:

217ecd3c93b00c6b7404473d3bdfcb222a22edf4	refs/heads/main

Now that we have the hash, we can then request /flag.git/objects/21/7ecd3c93b00c6b7404473d3bdfcb222a22edf4 to get the raw object file associated with the commit. Running the file contents through zlib-inflate, we can find the hash of the commit's parent, as well as the associated tree object.

commit 1128[nul]tree b46f24349a27913ddfa5c8a29bc3bcc8d2722358
parent c2e6e9737a8a666667b27c3a1dc84a76c8f4dab3
author burturt <[email protected]> 1705793830 -0800
committer burturt <[email protected]> 1705793830 -0800
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEES9haaAXoglC6rYp5y1IcUPPMLo8FAmWsWSYACgkQy1IcUPPM
 Lo+D7xAArOSdQR7brnqMfoeYp5no8DH/GduQ0k8M6EPMaVWG8Muj2yt1rBMJQxy+
 LQdMHDCEXJIZ/xjqMsSB7wIKd83QjtT2l2dfo8f/s4HibiSe/1legY69jcigbZ7X
 /k4ghGrp0MKL8o768GcbOVZ/eRhQeSef+X2bCnUD9ITHqmjEUq2f0LBGvLulmSIb
 jlqEhSfm5bu3PjUyD3sn81oZoL02313FQABGgMNz7NSSP7T0qpfqNhrNvgTvZCao
 L+yuk3g4iFnVztUIW+QS91+VpTrJZU5fsOd+aLNRkR6ka8ZZOwzuDpKP3gYQ2oyB
 0pxHQdkQ1imlc1atTCqGvCUERWGzRqfF2hyNRLy008uSY/yR9dPkHVnmq/Y7jL9C
 CrkjwwqUHk7abCPPIqKS0IA0nwiMFh3ifSxVqcqkchbca6rfTdRiYhoRIIpf4igK
 RHnSEOE/pmwt4Nd0oHh/QR3x0zoYI3+et7fGAD0yJ/TgakZRqts00XOspkT1ExDv
 b73vq71qTBwggGzNx92xWvtQEqRXAabnjj9kf5ku7Ff3gfqj0auzLtWmJYvX+b8o
 cJlZ5OREHrs/M898uP1CWwmkGSv7Jn+ZsMGdE0yxh7SWMPLMoKqnFCy9oEN49IWC
 RVzOF8yeqNYNsvfDOxGv6PoMch2+M/mu21XzwcU2ku2I4MUp4hs=
 =uif1
 -----END PGP SIGNATURE-----

remove flag again uugh

Looking at the tree object at /flag.git/objects/b4/6f24349a27913ddfa5c8a29bc3bcc8d2722358 in cat-file, we get the hash to the blob file with the contents of nothing_here.txt:

PS C:\Users\kevin\Downloads> git cat-file -p b46f24349a27913ddfa5c8a29bc3bcc8d2722358
100644 blob 9edefc0af031a4fd82fe047ca2abe625abd2b933    nothing_here.txt

Unfortunately, /flag.git/objects/9e/defc0af031a4fd82fe047ca2abe625abd2b933 isn't what we're looking for.

blob 30[nul]there's nothing here, go away

Instead, we can repeat the same process for the commit's parent. Looking at /flag.git/objects/c2/e6e9737a8a666667b27c3a1dc84a76c8f4dab3,

commit 1172[nul]tree 47442ca74fffb4c5d1293fbd7bb0bc048d8fdff4
parent ac4d7070179f49c03ed06d98c19068cc8e2d74c5
parent b061db539557e1bb4dbcffd936a2d1412eeb1f66
author burturt <[email protected]> 1705793796 -0800
committer burturt <[email protected]> 1705793796 -0800
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEES9haaAXoglC6rYp5y1IcUPPMLo8FAmWsWQsACgkQy1IcUPPM
 Lo/WTQ/+NHlgQ/9EPV/6hgdC/ZrzatMEckzxCW7ZByOkDoO0c/69HcarTtXZbR7B
 ewd1eqUdVRAmfIxzH9wkQptn05lEpJm6waiA6udsFkh2ZiFmdgq66reVXrLpP/4M
 YBCcpM1i4Z7MLE8u/hJDWE+yogaGBF97nP+sm7NGIkyrrRgf1DwYNxuGsdsOnOtD
 scbA1/mnRvKQ06I0zKlSmbhjXtkNyMY8fQ9B4nq3JoReIQ+QNCPd6HuU/D83bHVt
 agFKnBCQE9lNgeMZYuQSnHKA8Vg9GhoMqa7u9sIRZEBtiJJnVcs7o1EvwF9iOF87
 ZJRRt3rU/BoM4G8i/0g7FnHb2VaTi0UgXe9Vy6QHryje8cUhCxc8WcpU/s6jheid
 q6BR6oDJxTCZZktz5/DYZzRl7Ekz2dv2d0f9Ie3/gK5Ro4bSAOFV1vTEL2ekDpX2
 3DVo5//jKuQH9mZQHcSZwI9gvp1oITC6w2NGs+IHLA3L1p7in0WmcMoA6biKRXEb
 LpLkhQ2+7Qi+8X/e0l1Nuo2KMuL+2Py9JwNmCgMNF65Hv8orpEmw8flc6Jz5bT73
 o7BDNyzNjo347pMs476jZHnsd7cHXezAPCPzHSuvGgB71uTdNRXOQ8zwWy1j2gS/
 Pe0QyoNVW5FFvryhe2DEuHTHiQ6f/bpxn/SMicO28v488/78rlU=
 =tzsP
 -----END PGP SIGNATURE-----

Merge branch 'fix'

PS C:\Users\kevin\Downloads> git cat-file -p 47442ca74fffb4c5d1293fbd7bb0bc048d8fdff4
100644 blob 21ffc8efea76d918dc0c5c956ea9d73b51327a8e    flag.txt

blob 20[nul]lactf{not the flag}

Looking at /flag.git/objects/91/fede8498f1ffd14699ec8d7f43f383f3147e64,

commit 1117[nul]tree 4b825dc642cb6eb9a060e54bf8d69288fbee4904
parent 91fede8498f1ffd14699ec8d7f43f383f3147e64
author burturt <[email protected]> 1705793793 -0800
committer burturt <[email protected]> 1705793793 -0800
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEES9haaAXoglC6rYp5y1IcUPPMLo8FAmWsWQEACgkQy1IcUPPM
 Lo8GiA/+PR30IZnufwJ+67HIlWJpZ0FxuoM2dttVxy1bVVvOm5k3eyJxQ6Kt69UW
 dVQSPSZjY7FQBKwBgjANHytATVGNK4PE/SLhfyKyakHBrnx3sueMW9zSDPVlV1xS
 uGQ4q/2VWsV331aAoBYB8x2VM1809YpcVINrZq3ylv1J7GTNzXVwZWbIjejMq68x
 5iN8mCpJX6qUfI7pn6uJWNXv8AkX7AQWWD0i+s8D5CBvHpeVeVLrZLO+97oexGMd
 BXYcfWKyjnHtRzM4OF2OoYJBdEk8QfmMi2g9Zn6IwZmU8HRpQR+TuNJOHHMSZbqh
 jftQNqBLuGL4o158ejEgptSkf/R3m7F4vVqzcS7SwcfP0QcqpJ/Ra5bJoWuye5Ln
 R2lE7Y39HK0lxJfcZQddDy824JZUWYPUdBvmLkOkb/z8nt91WWaiRYo7cDyI8KAA
 HlOyPordSYrOc0Z9iSk13lZ1sDHrunw3kEAd8ayI4PMqdPJNTmdCcSelKbnfLtyA
 YOcoC3qyhPR5NGeQGebC0caNIFzEsPkmdP639qVF2w+yq9oRgSwgcIPoowoJgIGI
 YUZlnSwGSqPb/x4nnfvgN7gvNvYOVZo6k1AGubMK8E4Ti2ReiKYuD1gvDrq9g9gc
 SgtAbJvd+l+skpyzrODGunKMoFT1DiqekrNp9/Iyt1mqcrtYfFE=
 =U9g5
 -----END PGP SIGNATURE-----

remove flag

this commit has an empty tree. Looking at /flag.git/objects/91/fede8498f1ffd14699ec8d7f43f383f3147e64,

commit 1135[nul]tree 1ee98dd3a67505c02a1ab4739f1a46a25d116599
parent e3fde9187ea42af07d95bb3e891b6338738810ab
author burturt <[email protected]> 1705793666 -0800
committer burturt <[email protected]> 1705793666 -0800
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEES9haaAXoglC6rYp5y1IcUPPMLo8FAmWsWIIACgkQy1IcUPPM
 Lo8IqxAAn8uYimDqV0DjARDRn8F+AqCZ/VylAa2V+QdTcVFe+2yy/R2FidG+MVBf
 3ol5DXL/EJ7pKcVSqBgsbP7VeGxn5M2T/pJ9l0wftALuTXY4r5Seb5OIy0ekO7bf
 QmI4KFMyxuXucIDlhNToyrutiZ012v2efFZRw3ouzVA0anlCti+e018ug+1Gnc/W
 7Y2oeBtuHFjNofSePsj1dAOa9K7RxYLJd3zQ0hqlx2qCrvcrfDSnlVQYRM/hWFmC
 QqCsvgIu8vK0vNkg1uSfC9RNT7Y3zkdgTx+Q3xslJWskgcB5EWisCeSQFput29Py
 TLP5p5MDgdHNji3oxjYOOHPErzvgLzL6bkgBB5zqnD5BOAMlWu5HG7XmpKljUwbf
 mTMjFRgW0Oixw1736FdwUCC9PBaCfyfVjZtGS3JepVxwIBx0W3AvVgaoWK2LH0SS
 3w6Qaa2SWnr2BJ/mvQpbBtOkTyBsdYzjdjHiV90nTNUMvBFb/Zq2V6synp0GoLRH
 B11AslvaxHakbPMr9mtGOAUw/6FJFOf6Rhg1eCsUNdpHtZ5igXtn7sU2ngYlhSQK
 KRME/axtlMaGlLh/VdR69iCyrpleWJtt9l5iRrK9tBlv904Nc6xi6bxqAmThKVet
 MyOyUaeMToSplgOcLeKXwjzhOsOOwnUgDld1sQjBjPJKXLqQvsY=
 =vP+C
 -----END PGP SIGNATURE-----

remove newline at end of file

this tree file doesn't seem to exist. Finally, looking at /flag.git/objects/e3/fde9187ea42af07d95bb3e891b6338738810ab,

commit 1114[nul]tree 75e7c1f3b178941ef76997bc3a9ca19bdc0dda09
parent fd87b3b95fc02fea268ecea9dce20964b285f50b
author burturt <[email protected]> 1705793578 -0800
committer burturt <[email protected]> 1705793578 -0800
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEES9haaAXoglC6rYp5y1IcUPPMLo8FAmWsWCoACgkQy1IcUPPM
 Lo+qoA//aHEpF4eedE4gfR+ghdo9qbNIJTJME1hyeS421Z4xZWBZZtX989yVdWDo
 ryD2eqwvMFJhoZc/Rr5NZnv0D+ozn+qFd3Td6wpQK8d8CeYrD/TmtPsX2ABZD2Nx
 so2EY+73+YGYtqVHiVlFNjI4IpUb2bkjwPXfonr9N4ZPiVF4eEf08iOVKmWHpvE1
 Jg3R8EHyZ//osphfPyfoTP8w5FSaO7La/p5HuyXYIYnnZSy6Zqz9YZ5AfPFedpwN
 1LrOI5hukgXms+LwO8AONNqYJsaDkwNivpmh3EGM/HLICwv8yXiY69E3EopaaTfY
 lWqZ7GZA9kFkykyfnb+g4wlu/OdfHLtuMLiB++4bPsChVFh1FPOxxL96JOnmA+jh
 7F3T50guec5z4plaw68vYkiUS0vC1A20qqW0GJLgutSlQDR9s66Wr64I8ltgZCHQ
 vs8paRHqYrmZt4TM1EgMEvRszSgCEw0p9vGYeF6UuhdWHo1E6ecwpelUzpjUF33k
 sNvyhdW17l1IAwT5vT1tt93zPJ8edjJ6IKsWmB8hhKzmyrmJnlzr+vMPRP2LZiJX
 qiFzgWNbdhb+j4v4apvOIpas2oJdX30nhqnTsU8zlz1SfiGf8G1d5RRkacuR3Bxj
 9eYRlqsxcKvF4z1owMbhmFd2sDhgSVRsN4W5OFqzwF4fjr5QaQY=
 =O3tj
 -----END PGP SIGNATURE-----

add flag

PS C:\Users\kevin\Downloads> git cat-file -p 75e7c1f3b178941ef76997bc3a9ca19bdc0dda09
100644 blob 741fa59ac9ec45f978d799bd88b7290bc304abdd    flag.txt

blob 32[nul]lactf{u51n9_dum8_g17_pr070c01z}

we get the flag.

ky28059/LA CTF 2024 my poor git writeup.md

LA CTF 2024 — my poor git