Hi,
I was trying to solve the following ctf challenge
https://biplobi.com/ctf/view/18
I have already found the encrypted email of admin. Decrypted the base64 also.
First I got Kl4qJiNeKmlsQCYjIyZsZS5jI14=
Then after decoding I got *^*&#^*il@&##&le.c#^
Now what are my steps.
Can you please help me?
2 Likes
Looks like a substitution cipher maybe?
1 Like
Here are all the possible solutions
Screenshot removed
So I guess the most heuristic mail is removed?
2 Likes
Thanks bro.
To me it doesn’t look like a bruteforce problem.
I have done nmap scan. It showed a robots.txt
Disallow /.git
But cannot understand what to do?
1 Like
Oh…
You see u can get the source of the website using .git. I guess it was easier then expected eh?
and btw recommend learning git!
1 Like
It gave the correct flag bro.
Thanks 
1 Like
You are welcome! and checkout git 
2 Likes
Sure bro.
Trying to understand the git thing.
1 Like
See if u download the .git you can basically check the whole history of the project! Like this,
Screenshot removed
2 Likes
OMG
Great. Basically I can see the source codes?
Great one. Have a lot to learn. Thanks a lot bro.
1 Like
Yeah. Basically devs use git for version control. aka, if it’s like a time machine for projects if anything goes wrong. The .git folder alone can recover the whole project if u accidentally delete or modify sth u shouldn’t have. So if u leave this on the server, ur basically giving ur whole projects history.
1 Like
@santner I have tried with this wget --mirror -I .git http://cs2.biplobi.com/biddyut-barta/.git/ but it shows empty folder.
Bro try this
1 Like
I used -r for --recursive. --mirror didn’t work for me either 
Maybe the article is too old
1 Like
It works bro… 
2 Likes
I respect your comment bro… but I think it should be. It’s an open source program and many things comes out to learn. I think it will be helpful to all. btw bro @1337 you should take your own way.
1 Like
you can discuss about this topic but don’t directly discuss about spoiler or something like that.
1 Like