(HELP) CTF solving help please.

error · January 2, 2019, 8:48am

Hi,
I was trying to solve the following ctf challenge
https://biplobi.com/ctf/view/18
I have already found the encrypted email of admin. Decrypted the base64 also.
First I got Kl4qJiNeKmlsQCYjIyZsZS5jI14=
Then after decoding I got *^*&#^*il@&##&le.c#^
Now what are my steps.
Can you please help me?

Exploit-Baba · January 2, 2019, 12:52pm

I have tried… @Khan

santner · January 2, 2019, 2:15pm

Looks like a substitution cipher maybe?

santner · January 2, 2019, 2:21pm

Here are all the possible solutions
Screenshot removed
So I guess the most heuristic mail is removed?

error · January 2, 2019, 3:05pm

Thanks bro.
To me it doesn’t look like a bruteforce problem.
I have done nmap scan. It showed a robots.txt
Disallow /.git
But cannot understand what to do?

santner · January 2, 2019, 3:07pm

Oh…

You see u can get the source of the website using .git. I guess it was easier then expected eh?

Check out this!

and btw recommend learning git!

error · January 2, 2019, 3:08pm

It gave the correct flag bro.
Thanks

santner · January 2, 2019, 3:09pm

You are welcome! and checkout git

error · January 2, 2019, 3:10pm

Sure bro.
Trying to understand the git thing.

santner · January 2, 2019, 3:11pm

See if u download the .git you can basically check the whole history of the project! Like this,
Screenshot removed

error · January 2, 2019, 3:15pm

OMG
Great. Basically I can see the source codes?
Great one. Have a lot to learn. Thanks a lot bro.

santner · January 2, 2019, 3:18pm

Yeah. Basically devs use git for version control. aka, if it’s like a time machine for projects if anything goes wrong. The .git folder alone can recover the whole project if u accidentally delete or modify sth u shouldn’t have. So if u leave this on the server, ur basically giving ur whole projects history.

Exploit-Baba · January 2, 2019, 4:11pm

@santner I have tried with this wget --mirror -I .git http://cs2.biplobi.com/biddyut-barta/.git/ but it shows empty folder.

error · January 2, 2019, 4:17pm

Bro try this

Exploit-Baba · January 2, 2019, 4:27pm

Thanks a lot bro @error… It works.

santner · January 2, 2019, 4:34pm

I used -r for --recursive. --mirror didn’t work for me either
Maybe the article is too old

Exploit-Baba · January 2, 2019, 4:43pm

It works bro…

Shouvo · January 2, 2019, 5:59pm

i think this spoiler should be remove from here @1337

Exploit-Baba · January 2, 2019, 6:49pm

I respect your comment bro… but I think it should be. It’s an open source program and many things comes out to learn. I think it will be helpful to all. btw bro @1337 you should take your own way.

Shouvo · January 2, 2019, 6:54pm

you can discuss about this topic but don’t directly discuss about spoiler or something like that.