For this challenge we get a zip file named “gitIsGood”. After unziping the file we get a git directory file with the following files inside of it:
$ ls
flag.txt
$ cat flag.txt
flag{REDACTED}
Since the flag file exists, we can probably recover the flag by going to a previous version of the git repository. By looking at the logs we can see that 3 commits where made
$ git log
commit d10f77c4e766705ab36c7f31dc47b0c5056666bb (HEAD -> master)
Author: LaScalaLuke <lascala.luke@gmail.com>
Date: Sun Oct 30 14:33:18 2016 -0400
Edited files
commit 195dd65b9f5130d5f8a435c5995159d4d760741b
Author: LaScalaLuke <lascala.luke@gmail.com>
Date: Sun Oct 30 14:32:44 2016 -0400
Edited files
commit 6e824db5ef3b0fa2eb2350f63a9f0fdd9cc7b0bf
Author: LaScalaLuke <lascala.luke@gmail.com>
Date: Sun Oct 30 14:32:11 2016 -0400
edited files
Last commit is the one that HEAD points to meaning that is the current version of the repository. By “going back” to the previous to last commit we get the following:
$ git checkout 195dd65b9f5130d5f8a435c5995159d4d760741b
Note: switching to '195dd65b9f5130d5f8a435c5995159d4d760741b'.
.
.
.
HEAD is now at 195dd65 Edited files
$ ls
flag.txt
$ cat flag.txt
flag{protect_your_git}
And we found the flag flag{protect_your_git}!