Skip to content

Latest commit

 

History

History

Shrek_Fans_Only

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
1-1.png
1-1.png
 
 
2-1.png
2-1.png
 
 
2-2.png
2-2.png
 
 
2-3.png
2-3.png
 
 
README.md
README.md
 
 

README.md

Shrek Fans Only

Shrek seems to be pretty angry about something, so he deleted some important information off his site. He murmured something about Donkey being too *committed* to infiltrate his swamp. Can you *checkout* the site and see what the *status* is?

Background Knowledges

Tools

  • wget
  • base64
  • zlib-flate

Description

  • Analyze link
    • 1-1
      • getimg.php?img=aW1nMS5qcGc=
      • echo aW1nMS5qcGc= | base64 --decode -> img1.jpg
      • File-inclusion vulnerable.
  • Get git commit history.
    • 2-1
      • To get flag, we have to find difference between 759be9 Initial commit and 976b62 remove flag.
    • 2-2
      • Follow the tree object of each commit object.
      • SHA-1 sum of index.php is different. This means that there are changes.
      • Flag must be deleted from index.php.
    • 2-3
      • Follow the blob object of index.php in 759be9 Initial commit.
      • The flag shows up.
  • utflag{honey_i_shrunk_the_kids_HxSv03jgkj}