Tags: web git 

Rating:

# ▼▼▼Git Gud(Web:100)、527/948team=55.6%▼▼▼
**This writeup is written by [@kazkiti_ctf](https://twitter.com/kazkiti_ctf)**

---

```
Jimmy has begun learning about Version Control Systems and decided it was a good time to put it into use for his person website. Show him how to Git Gud.

http://gitgud.tuctf.com
```

-----

問題名がgitなので、下記フォルダにアクセスしてみる。

```
GET /.git/ HTTP/1.1
Host: gitgud.tuctf.com
```

```
HTTP/1.1 200 OK
Date: Sat, 25 Nov 2017 05:16:20 GMT
Server: Apache/2.4.10 (Debian)
Vary: Accept-Encoding
Content-Length: 3081
Connection: close
Content-Type: text/html;charset=UTF-8

<html>
<head>
<title>Index of /.git</title>
</head>
<body>
<h1>Index of /.git</h1>
<table>
<tr><th valign="top"></th><th>Name</th><th>Last modified</th><th>Size</th><th>Description</th></tr>
<tr><th colspan="5"><hr></th></tr>
<tr><td valign="top"></td><td>Parent Directory</td><td> </td><td align="right"> - </td><td> </td></tr>
<tr><td valign="top"></td><td>COMMIT_EDITMSG</td><td align="right">2017-11-24 22:43 </td><td align="right">237 </td><td> </td></tr>
<tr><td valign="top"></td><td>HEAD</td><td align="right">2017-11-21 22:45 </td><td align="right"> 23 </td><td> </td></tr>
<tr><td valign="top"></td><td>ORIG_HEAD</td><td align="right">2017-11-21 22:45 </td><td align="right"> 41 </td><td> </td></tr>
<tr><td valign="top"></td><td>branches/</td><td align="right">2017-11-21 22:45 </td><td align="right"> - </td><td> </td></tr>
<tr><td valign="top"></td><td>config</td><td align="right">2017-11-21 22:45 </td><td align="right"> 92 </td><td> </td></tr>
<tr><td valign="top"></td><td>description</td><td align="right">2017-11-21 22:45 </td><td align="right"> 73 </td><td> </td></tr>
<tr><td valign="top"></td><td>hooks/</td><td align="right">2017-11-21 22:45 </td><td align="right"> - </td><td> </td></tr>
<tr><td valign="top"></td><td>index</td><td align="right">2017-11-24 22:42 </td><td align="right">529 </td><td> </td></tr>
<tr><td valign="top"></td><td>info/</td><td align="right">2017-11-21 22:45 </td><td align="right"> - </td><td> </td></tr>
<tr><td valign="top"></td><td>logs/</td><td align="right">2017-11-21 22:45 </td><td align="right"> - </td><td> </td></tr>
<tr><td valign="top"></td><td>objects/</td><td align="right">2017-11-24 22:42 </td><td align="right"> - </td><td> </td></tr>
<tr><td valign="top"></td><td>refs/</td><td align="right">2017-11-21 22:45 </td><td align="right"> - </td><td> </td></tr>
<tr><th colspan="5"><hr></th></tr>
</table>
<address>Apache/2.4.10 (Debian) Server at gitgud.tuctf.com Port 80</address>
</body></html>
```

gitデータを発見できた

-----

gitデータを取得する

```
$ perl rip-git.pl -v -u http://gitgud.tuctf.com/.git/
[i] Downloading git files from http://gitgud.tuctf.com/.git/
[i] Auto-detecting 404 as 200 with 3 requests
[i] Getting correct 404 responses
[i] Using session name: uHDjuxgy
[d] found COMMIT_EDITMSG
[d] found config
[d] found description
[d] found HEAD
[d] found index
[!] Not found for packed-refs: 404 Not Found
[!] Not found for objects/info/alternates: 404 Not Found
[!] Not found for info/grafts: 404 Not Found
[d] found logs/HEAD
[d] found objects/53/3b77a8e575c929e23929dbc81a58feff50be30
[d] found objects/85/817d8bcfd8b578b065fbcceb8cda3d11ac5f77
[d] found objects/2b/f27e3ef01b459a6d573b3bcd760f19da453a74
[d] found objects/03/b43cac7287c68eb7c89e47bf0907a0600126f0
[d] found objects/cf/b7e1cbb11d866d4084920fde50077d26bb0953
[d] found objects/2c/6190537a2655121ccb9647765fa99687afec25
[d] found objects/4f/a0acbccd0885dace2f111f2bd7a120abc0fb4e
[d] found objects/b7/f1a7252c33f95c70b723cbfb2c1dd8aabf5545
[d] found objects/2c/6190537a2655121ccb9647765fa99687afec25
[d] found objects/b7/f1a7252c33f95c70b723cbfb2c1dd8aabf5545
[d] found objects/2c/6190537a2655121ccb9647765fa99687afec25
[d] found objects/22/f63ceab55efe05c5448676a3470b13b6545f74
[d] found objects/40/b1b2d413f94b7d31c2ed1f6594053393d6bf5f
[d] found objects/d8/b0e38d80f0ede68ae31e8281510340c429d71f
[d] found objects/0e/fe9b6c15150d6318e9531ab52205b9deeeb02b
[d] found objects/60/1f8b1517e013453a9d65383f6c77e18a683775
[d] found objects/3c/a6f67f6e0d2a84709ddf1d93ccc8e552a6cd28
[d] found objects/ba/b29294d410e7f2e3543d5018559809477c5873
[d] found objects/a6/d68038d59f27c0b90976617a64b933ac016d87
[d] found objects/55/b4ae7d2a98d6e5afecd4765a5fd8196036ffa7
[d] found objects/9e/78ef4e494a8e9288ba85b07e34f64c88327fe5
[d] found objects/34/6114b24e1797a8db126dde23106f793c7c0f51
[d] found objects/f8/95f5561ef6ee238a23a2fa504571ffb4223096
[d] found objects/15/5a17ef658aa77dd7c482035d98c745881a56ab
[d] found objects/08/cd273897b150e35fb0cea7af3c4ccc434de81e
[d] found objects/15/efa7acd0acb66872892488546e283b166dd201
[d] found objects/3e/be7abbb15eacfff960f16c6fda51bbd5f54352
[d] found objects/bf/bafda9b116c2f762485b00d546eb89b2b4de02
[d] found objects/b8/c0fb10976809a46ee2d7ddfec11884179b1ebb
[d] found objects/ae/0b4f2ea0b2cffdc8da029d7b12a3801dbecf2a
[d] found objects/48/86e3f73da81de2f17d3151ab6acafd1791d2d6
[d] found objects/95/903dc1c79b3febf2539b427a2e67c59c8bed90
[d] found objects/f6/0c31d83c09154f28e0be41b1d5dbaa5c395cf5
[d] found objects/55/1e6fc80b1f578c1dcca37457a9a1227418e7d2
[d] found objects/3f/c9676f3cd72057f871bb549285bfba9104594a
[d] found objects/2d/d3e17e06c01fa0350ba262cd7145a6490a6164
[d] found objects/1f/7da9fec05bdd6cce46648c4ccd69fe01bbbc0e
[d] found objects/b6/d67496b526f15f908be4ae02cd8318c27ad68a
[d] found objects/54/c176f726f9d8f0c41e24376ec23e69177aec35
[d] found objects/d9/776dd49fdd578d807df6a23f601d1e210dbbc3
[d] found objects/9c/de9ce8cde96970924842eefbd6639223205e21
[d] found objects/6e/30239743abe21d07c316ffa5848a24da4d3fa2
[d] found objects/0c/cdc6a7878f2cd0df100f34d094ce7e9f8dcef0
[d] found objects/a6/2a1b71b8f7c0ac423dc3df42a68aa308bfaf4a
[d] found objects/79/7db1ded045bbef03fcfcad00927ede6487a586
[d] found objects/d3/30d7bd1b0b092309e6e7e9df4d0662190e57b7
[d] found objects/af/63f881586d54015d5a20b23aac2b3b3c86aec7
[d] found objects/68/f454f26007f6a58f77abe3e8970840c9470d38
[d] found objects/8e/7b147046124e3103d3182ca0da5496cbbd54b4
[d] found objects/95/306a2294ec653ca81d8f92f343893b21286e89
[d] found objects/56/1631b333516a8db23d4bef1700e84469ee0ac5
[d] found objects/3c/23eefd95613aac91e36ff346d747d75ec5e3c5
[d] found refs/heads/master
[i] Running git fsck to check for missing items
Checking object directories: 100% (256/256), done.
error: 587646f096504f6d9ecbe310ef5f835d0bbc15b8: invalid sha1 pointer in cache-tree
[d] found objects/01/c4e4b4cc1e82e233045d9b3434616d2e9facd9
[d] found objects/06/fa94aeb2aef1f589d28873d6b5fc5a40aab2c7
[d] found objects/06/4cd23bc06b1a6dda5fcd373c938c75b4c5c6a3
[d] found objects/0c/8e6d8c7e47f8626accee6c35bda538777337b3
[d] found objects/0d/fd1eb828f857ce95bcd593ee474fc392bfda4f
[d] found objects/1a/348966ee0bee969c0ab166510ef08535ff13d4
[d] found objects/1c/0a7b5f06b09258fbc5a16759b3a81667c74f73
[d] found objects/23/2d6e2c81ef85274a976c75bd68101f03089b43
[d] found objects/24/b4bf37c50254adb625e1bac4ae7c37314213fe
[d] found objects/22/44071102be6bb65a435ff1be1164f37d8caf4e
[d] found objects/29/55848ec0f9004907a0cbe852c01467739f5430
[d] found objects/2d/9bd8fc55a09a75b8b4886e191ba4ea061cfac5
[d] found objects/34/ed56628c6b84516529454eb1c0c5049e6de506
[d] found objects/36/137e94e2900527f77f25ac0b91d8823d488ee3
[d] found objects/45/2a1095a1da29ccfe97f49c65586deb20aba5ab
[d] found objects/4d/cf5c4c62811ef7665ed18ab67da1ffad920938
[d] found objects/58/7646f096504f6d9ecbe310ef5f835d0bbc15b8
[d] found objects/55/22795004f0d170e1ea2b0dc1e3545e1f106b20
[d] found objects/53/e78934a88c4414e292245db4484c5e6d131373
[d] found objects/55/08313f831221968a5d66416c280162ae40170c
[d] found objects/5c/c9f63f4ba71749f025d7e3cbe0e806a3ed3702
[d] found objects/61/315dcca584181b2580b1cdf6e5d36f0323a752
[d] found objects/66/72f0adcdd85d6f0c7555f3439b801a71856475
[d] found objects/6d/532f3e98943a51522320e7e6b92bfcf299cd54
[d] found objects/71/ca7c3cda0d2846ef46ab8d930f1137c2835ca1
[d] found objects/71/437abc098466c47bd9b870e7ab9ef2eae9ac45
[d] found objects/72/f770d4d8cb1a30e093c408ad69babb15c32997
[d] found objects/7c/4f089886c5db8b8661729fd852bc60763a123e
[d] found objects/80/d5d4aa7b03d77c4dd40e6e28c6cc78772461b5
[d] found objects/8c/784900e0d8308473058747f016081d58b76443
[d] found objects/92/bc3733e71c917f6d71ad22819a82ac6ad52b38
[d] found objects/95/8d7ae6639aceff99fa080a946acc39a3c6db2e
[d] found objects/9a/00dc47684f52e72dac9f698d86362a71d9eeb3
[d] found objects/9b/67157136ae057343ea107b60a86ed5599632b3
[d] found objects/a2/f3eb817374e29e2ad8013cecfc6710b1c29d9a
[d] found objects/a5/cb3d11faef6d68c44de8c911d72fa9b5a6bb70
[d] found objects/a8/664803cf90f37903afe1a56b8c9ee723dd9e7f
[d] found objects/b0/f30828b576f99e0f7b906b751a32969182913f
[d] found objects/bb/0399016a7a78be499628c53e43dbaf5a6174d6
[d] found objects/bd/373b44b3b50623e57336ecf489a29576d5f473
[d] found objects/c2/faf8ca93d1db420d2dcfdc8e2b70c5d85bc524
[d] found objects/d0/bf8e4df3e3d293e6cbec51deaad4db12232c45
[d] found objects/d1/4a15f980006676d981e36e2be259d3bc569cf1
[d] found objects/d5/c920032124df5b879ffacb99b0c29132cb7d49
[d] found objects/db/478483b3269715ee0ab99b51745714c808d574
[d] found objects/dc/dab14f69260c50a4081cdcf2b7b6084678c134
[d] found objects/e4/ce37c4e360405db98a602cb3b9e566e873f4a7
[d] found objects/e9/e3d44508772832ac8eab3dbfd1cff0cdd3aeb2
[d] found objects/ee/f0a85bc8c9d2e36ddad686bae2ed7143a2e10b
[d] found objects/f3/dd2fe6692e4a19717f0195717b6851dd3524c3
[d] found objects/f6/9423102d010b4f49379141b53a58ba3672c835
[d] found objects/f7/3869185fca9c2dfa786179d8ebd81745b90b01
[d] found objects/f8/54c222c3bfd31e305458ad9008c6e8ba55d5dd
[i] Got items with git fsck: 53, Items fetched: 53
[i] Running git fsck to check for missing items
Checking object directories: 100% (256/256), done.
[d] found objects/22/a81b6afb2d31b7b40c8e997ea3f80ca03a31a3
[d] found objects/23/6e85286747e3bd42819f173ec5c7bcc15cb4f6
[d] found objects/25/121cd6f15776125c846b78e6e3caef9f4717df
[d] found objects/25/328860bdfb08881715caf94167c1d534408014
[d] found objects/25/e084a05a90d221cd04ecc9c82d4d984c672bfb
[d] found objects/2a/a0538aedb9789146d2aba319416284c98e1775
[d] found objects/2d/20ef3abaddd1aba6f97084a6e6a70b268f650c
[d] found objects/42/6cdd1ac2531fa5e8d9ac3d18f3d6098337ec5a
[d] found objects/4e/c2792b20f38c5ba23efba05275ac70d388fc58
[d] found objects/75/a2c5fbf42d2408833553d1189bf72f5b198768
[d] found objects/a1/28fc01d0bb67a731484107f469c5eb92408eae
[d] found objects/ab/32ceae6d99cf75b9a7ac475c95b3d4f4e754e7
[d] found objects/b1/5442502509af151406ee21903cf44dff340f70
[d] found objects/b8/665ba15c1c9c511dba4c89d82d2fe521d42b28
[d] found objects/ba/0ee6b359d7e8c4f826090bf664fd0dd89f23a8
[d] found objects/e7/1e1d004b2cbfdf45be9b268eb1364c9e4a3696
[d] found objects/fa/aee4b5ed4d80a475a1788dc234fd1bb99f4422
[d] found objects/fe/4ea28ea917479fa7e32dc84a8c23e0470fb5f0
[d] found objects/07/f94347618e434e9970995674ba6c7103912a5d
[d] found objects/0a/a3bd788682a7f9c8268bdb176d8491ae869d63
[d] found objects/0e/43601b1f27d9f8d8788481781e68500683f2bc
[d] found objects/1a/b1f7b746b2cf873546900b0b33235ba659d605
[d] found objects/1b/8dce466f869b64930f9238524c57f050f69d5f
[d] found objects/2a/31291a3ab4f8f05e9a421617abaa524da0b89f
[d] found objects/30/cd5f1554abbe86c3b73599319f9075370e3cfc
[d] found objects/35/3589fc6a0a098f208cd7b2a391ecc4b65d8b56
[d] found objects/3b/95486c5e868f7f76c61cffe95adfecc6418df1
[d] found objects/4a/835d7c87951e3cc88a641f94919b5f37bf8fa0
[d] found objects/64/2bc646f7b9fa4ea352f418aa52246aa79f5894
[d] found objects/90/2328d138371b4ff66e0bcbe49b58d3f5c428a6
[d] found objects/98/5dd436af62c76daa694f9fd2bcbd5ca68b61f3
[d] found objects/a0/438b2b3f9c41b14ff02eae8ece9a4384bdcbf9
[d] found objects/ad/d99a2fe597e65b6c6abbdb47d4c7be69bc7b18
[d] found objects/ad/975019c0bb29981a9bdf54674a66a171ed1014
[d] found objects/b3/0d6e108f562a8291076c6b0af74a6537ce5f2b
[d] found objects/ba/a136b9979826b6f1a8a6fcdcc58df0677dba04
[d] found objects/ba/11f6421a9dcfab82256c74b6023c897cdfa389
[d] found objects/cb/03688c1e2ce92346c4baed63787e807e1269c2
[d] found objects/d3/77b37ae193d6b773e300e5fbd6c29142193842
[d] found objects/d8/33bbffb80d9a1d58acf76854a8d2c905926dff
[d] found objects/f8/2198150dc4cd132cd30bacf83898c172a7cf65
[d] found objects/fa/b1084fda7ddb5e0cf71cbefcf6c835654244db
[i] Got items with git fsck: 42, Items fetched: 42
[i] Running git fsck to check for missing items
Checking object directories: 100% (256/256), done.
[i] Got items with git fsck: 0, Items fetched: 0
[!] No more items to fetch. That's it!
```

下記ファイルを取得できた

`about.html blog.html contact.html gitgud.gif index.html`

特にflagらしきものは発見できない。

-----

gitのlogを確認していく。

```
GET /.git/logs/HEAD HTTP/1.1
Host: gitgud.tuctf.com
```

```
HTTP/1.1 200 OK
Date: Sat, 25 Nov 2017 05:30:47 GMT
Server: Apache/2.4.10 (Debian)
Last-Modified: Fri, 24 Nov 2017 22:43:36 GMT
ETag: "203c-55ec24882eec0"
Accept-Ranges: bytes
Content-Length: 8252
Connection: close

0000000000000000000000000000000000000000 533b77a8e575c929e23929dbc81a58feff50be30 Jimmy <[email protected]> 1511293760 +0000 commit (initial): Initial commit
533b77a8e575c929e23929dbc81a58feff50be30 85817d8bcfd8b578b065fbcceb8cda3d11ac5f77 Jimmy <[email protected]> 1511293803 +0000 commit: Created index
85817d8bcfd8b578b065fbcceb8cda3d11ac5f77 2bf27e3ef01b459a6d573b3bcd760f19da453a74 Jimmy <[email protected]> 1511293901 +0000 commit: Added about page
2bf27e3ef01b459a6d573b3bcd760f19da453a74 03b43cac7287c68eb7c89e47bf0907a0600126f0 Jimmy <[email protected]> 1511293917 +0000 commit: Added contact page
03b43cac7287c68eb7c89e47bf0907a0600126f0 cfb7e1cbb11d866d4084920fde50077d26bb0953 Jimmy <[email protected]> 1511295249 +0000 commit: Added blog
cfb7e1cbb11d866d4084920fde50077d26bb0953 2c6190537a2655121ccb9647765fa99687afec25 Jimmy <[email protected]> 1511297071 +0000 commit: Updated blog
2c6190537a2655121ccb9647765fa99687afec25 4fa0acbccd0885dace2f111f2bd7a120abc0fb4e Jimmy <[email protected]> 1511297220 +0000 commit: Added flag
4fa0acbccd0885dace2f111f2bd7a120abc0fb4e b7f1a7252c33f95c70b723cbfb2c1dd8aabf5545 Jimmy <[email protected]> 1511297303 +0000 commit: Updated blog
b7f1a7252c33f95c70b723cbfb2c1dd8aabf5545 2c6190537a2655121ccb9647765fa99687afec25 Jimmy <[email protected]> 1511297369 +0000 checkout: moving from master to 2c6190537a265
2c6190537a2655121ccb9647765fa99687afec25 b7f1a7252c33f95c70b723cbfb2c1dd8aabf5545 Jimmy <[email protected]> 1511297446 +0000 checkout: moving from 2c6190537a2655121ccb9647765fa99687afec25 to master
b7f1a7252c33f95c70b723cbfb2c1dd8aabf5545 2c6190537a2655121ccb9647765fa99687afec25 Jimmy <[email protected]> 1511297454 +0000 reset: moving to 2c6190537a2655
2c6190537a2655121ccb9647765fa99687afec25 22f63ceab55efe05c5448676a3470b13b6545f74 Jimmy <[email protected]> 1511297558 +0000 commit: Added flag
22f63ceab55efe05c5448676a3470b13b6545f74 40b1b2d413f94b7d31c2ed1f6594053393d6bf5f Jimmy <[email protected]> 1511297597 +0000 commit: Updated blog
40b1b2d413f94b7d31c2ed1f6594053393d6bf5f d8b0e38d80f0ede68ae31e8281510340c429d71f Jimmy <[email protected]> 1511298015 +0000 commit: Added about page to index
d8b0e38d80f0ede68ae31e8281510340c429d71f 0efe9b6c15150d6318e9531ab52205b9deeeb02b Jimmy <[email protected]> 1511298118 +0000 commit: Added contact to index
0efe9b6c15150d6318e9531ab52205b9deeeb02b 601f8b1517e013453a9d65383f6c77e18a683775 Jimmy <[email protected]> 1511298184 +0000 commit: Added blog to index
601f8b1517e013453a9d65383f6c77e18a683775 3ca6f67f6e0d2a84709ddf1d93ccc8e552a6cd28 Jimmy <[email protected]> 1511298247 +0000 commit: Added line break
3ca6f67f6e0d2a84709ddf1d93ccc8e552a6cd28 bab29294d410e7f2e3543d5018559809477c5873 Jimmy <[email protected]> 1511298288 +0000 commit: Updated blog
bab29294d410e7f2e3543d5018559809477c5873 a6d68038d59f27c0b90976617a64b933ac016d87 Jimmy <[email protected]> 1511298543 +0000 commit: Added index to about
a6d68038d59f27c0b90976617a64b933ac016d87 55b4ae7d2a98d6e5afecd4765a5fd8196036ffa7 Jimmy <[email protected]> 1511298588 +0000 commit: Added contact to about
55b4ae7d2a98d6e5afecd4765a5fd8196036ffa7 9e78ef4e494a8e9288ba85b07e34f64c88327fe5 Jimmy <[email protected]> 1511298628 +0000 commit: Added blog to about
9e78ef4e494a8e9288ba85b07e34f64c88327fe5 346114b24e1797a8db126dde23106f793c7c0f51 Jimmy <[email protected]> 1511298647 +0000 commit: Added line break
346114b24e1797a8db126dde23106f793c7c0f51 f895f5561ef6ee238a23a2fa504571ffb4223096 Jimmy <[email protected]> 1511298719 +0000 commit: Added more line breaks
f895f5561ef6ee238a23a2fa504571ffb4223096 155a17ef658aa77dd7c482035d98c745881a56ab Jimmy <[email protected]> 1511298768 +0000 commit: Updated blog
155a17ef658aa77dd7c482035d98c745881a56ab 08cd273897b150e35fb0cea7af3c4ccc434de81e Jimmy <[email protected]> 1511298875 +0000 commit: Removed flag
08cd273897b150e35fb0cea7af3c4ccc434de81e 15efa7acd0acb66872892488546e283b166dd201 Jimmy <[email protected]> 1511299875 +0000 commit: Updated blog
15efa7acd0acb66872892488546e283b166dd201 3ebe7abbb15eacfff960f16c6fda51bbd5f54352 Jimmy <[email protected]> 1511300415 +0000 commit: Added index to contact
3ebe7abbb15eacfff960f16c6fda51bbd5f54352 bfbafda9b116c2f762485b00d546eb89b2b4de02 Jimmy <[email protected]> 1511300447 +0000 commit: Added about to contact
bfbafda9b116c2f762485b00d546eb89b2b4de02 b8c0fb10976809a46ee2d7ddfec11884179b1ebb Jimmy <[email protected]> 1511300494 +0000 commit: Added blog to contact
b8c0fb10976809a46ee2d7ddfec11884179b1ebb ae0b4f2ea0b2cffdc8da029d7b12a3801dbecf2a Jimmy <[email protected]> 1511300530 +0000 commit: Added line break
ae0b4f2ea0b2cffdc8da029d7b12a3801dbecf2a 4886e3f73da81de2f17d3151ab6acafd1791d2d6 Jimmy <[email protected]> 1511300572 +0000 commit: Added another line break
4886e3f73da81de2f17d3151ab6acafd1791d2d6 95903dc1c79b3febf2539b427a2e67c59c8bed90 Jimmy <[email protected]> 1511300671 +0000 commit: Updated blog
95903dc1c79b3febf2539b427a2e67c59c8bed90 f60c31d83c09154f28e0be41b1d5dbaa5c395cf5 Jimmy <[email protected]> 1511300713 +0000 commit: Added index to blog
f60c31d83c09154f28e0be41b1d5dbaa5c395cf5 551e6fc80b1f578c1dcca37457a9a1227418e7d2 Jimmy <[email protected]> 1511300754 +0000 commit: Added about to blog
551e6fc80b1f578c1dcca37457a9a1227418e7d2 3fc9676f3cd72057f871bb549285bfba9104594a Jimmy <[email protected]> 1511300778 +0000 commit: Added contact to blog
3fc9676f3cd72057f871bb549285bfba9104594a 2dd3e17e06c01fa0350ba262cd7145a6490a6164 Jimmy <[email protected]> 1511300801 +0000 commit: Added line break
2dd3e17e06c01fa0350ba262cd7145a6490a6164 1f7da9fec05bdd6cce46648c4ccd69fe01bbbc0e Jimmy <[email protected]> 1511300812 +0000 commit: Added another line break
1f7da9fec05bdd6cce46648c4ccd69fe01bbbc0e b6d67496b526f15f908be4ae02cd8318c27ad68a Jimmy <[email protected]> 1511300947 +0000 commit: Updated blog
b6d67496b526f15f908be4ae02cd8318c27ad68a 54c176f726f9d8f0c41e24376ec23e69177aec35 Jimmy <[email protected]> 1511301216 +0000 commit: Updated blog
54c176f726f9d8f0c41e24376ec23e69177aec35 d9776dd49fdd578d807df6a23f601d1e210dbbc3 Jimmy <[email protected]> 1511301393 +0000 commit: Updated README
d9776dd49fdd578d807df6a23f601d1e210dbbc3 9cde9ce8cde96970924842eefbd6639223205e21 Jimmy <[email protected]> 1511301534 +0000 commit: Updated blog
9cde9ce8cde96970924842eefbd6639223205e21 6e30239743abe21d07c316ffa5848a24da4d3fa2 Jimmy <[email protected]> 1511301674 +0000 commit: Added a title to my blog
6e30239743abe21d07c316ffa5848a24da4d3fa2 0ccdc6a7878f2cd0df100f34d094ce7e9f8dcef0 Jimmy <[email protected]> 1511301778 +0000 commit: Added line under links on index
0ccdc6a7878f2cd0df100f34d094ce7e9f8dcef0 a62a1b71b8f7c0ac423dc3df42a68aa308bfaf4a Jimmy <[email protected]> 1511301817 +0000 commit: Added line under links on about
a62a1b71b8f7c0ac423dc3df42a68aa308bfaf4a 797db1ded045bbef03fcfcad00927ede6487a586 Jimmy <[email protected]> 1511301836 +0000 commit: Added line under links on contact
797db1ded045bbef03fcfcad00927ede6487a586 d330d7bd1b0b092309e6e7e9df4d0662190e57b7 Jimmy <[email protected]> 1511301868 +0000 commit: Added line under links on blog
d330d7bd1b0b092309e6e7e9df4d0662190e57b7 af63f881586d54015d5a20b23aac2b3b3c86aec7 Jimmy <[email protected]> 1511301941 +0000 commit: Updated blog
af63f881586d54015d5a20b23aac2b3b3c86aec7 68f454f26007f6a58f77abe3e8970840c9470d38 Jimmy <[email protected]> 1511305012 +0000 commit: Updated blog
68f454f26007f6a58f77abe3e8970840c9470d38 8e7b147046124e3103d3182ca0da5496cbbd54b4 Debian <admin@ip-172-16-0-11.us-east-2.compute.internal> 1511391186 +0000 commit: Updated blog
8e7b147046124e3103d3182ca0da5496cbbd54b4 95306a2294ec653ca81d8f92f343893b21286e89 Jimmy <[email protected]> 1511391222 +0000 commit (amend): Updated blog
95306a2294ec653ca81d8f92f343893b21286e89 561631b333516a8db23d4bef1700e84469ee0ac5 root <root@ip-172-16-0-11.us-east-2.compute.internal> 1511563373 +0000 commit: Special thanksgiving post :)
561631b333516a8db23d4bef1700e84469ee0ac5 3c23eefd95613aac91e36ff346d747d75ec5e3c5 Jimmy <[email protected]> 1511563413 +0000 commit (amend): Special thanksgiving post :)
```

flagらしきものが追加されている!

`2c6190537a2655121ccb9647765fa99687afec25 22f63ceab55efe05c5448676a3470b13b6545f74 Jimmy <[email protected]> 1511297558 +0000 commit: Added flag`

巻き戻す

```
$ git reset --hard 22f63ceab55efe05c5448676a3470b13b6545f74
HEAD is now at 22f63ce Added flag
```

flagというファイルを得られたのでテキストエディタなどで開いてみる。

`TUCTF{D0nt_Us3_G1t_0n_Web_S3rv3r}`