# DACTF 2024 - The Forked Up Secret

**Title:** The Forked Up Secret

**Description:** Our intern Sarah was speedrunning her first contribution at midnight. She forked our repo, pasted something really confidential into the readme, then panic-deleted the fork when she realized what she committed. Little did she know, parent repos never forget their children's sins...

## Solution:

This challenge was about uncovering a deleted commit associated with a GitHub repository. While the fork containing the commit was deleted, the commit itself was pushed to the upstream repository and still existed there, accessible via a commit hash. In this case, a 4-character hash works.

#### Approach

1. **Understand GitHub's Commit Structure:** GitHub allows access to specific commits via a URL:

   ```
   https://github.com/<user>/<repo>/commit/<hash>
   ```

   A full hash is 40 characters, but shorter hashes can also work as long as they uniquely identify a commit.

2. **Brute-Forcing Short Hashes:** The challenge required finding a valid 4-character short hash (starting with a specific prefix, `47`, as hinted). To do this, I wrote a Python script that brute-forces possible hashes until a valid commit URL is found.

3. **Craft a brute-force script to guess the short hash.** Since the challenge hinted that Sarah panic-deleted the fork, we can assume the commit is relatively recent and likely has a short hash near the repository's parent.

   The script below iterates through possible short hashes to find a valid commit:

   ```python
   import itertools

   import requests

   chars = "abcdef0123456789"  # hexadecimal alphabet used by commit hashes


   def all_possibilities(chars, length):
       """Yield every tuple of `length` characters drawn from `chars`."""
       yield from itertools.product(chars, repeat=length)


   for p in all_possibilities(chars, 2):  # Try combinations like '00', '01', ..., 'ff'
       short_hash = "47" + "".join(p)  # Prepend "47" based on challenge hints
       url = f"https://github.com/Monke-Pablo/SnazzyNarwhal/commit/{short_hash}"
       print(f"Trying {short_hash}...")
       response = requests.get(url, timeout=10)
       # Only 200 means the commit page exists; a rate-limit or server error
       # would otherwise be reported as a hit.
       if response.status_code == 200:
           print(f"Found valid commit: {short_hash}, Status Code: {response.status_code}")
           print(f"URL: {url}")
           break
   ```

4. **Finding the Commit:**

   ```
   https://github.com/Monke-Pablo/SnazzyNarwhal/commit/47<xx>
   ```

   The script iterated through the short hash possibilities and eventually found a valid commit URL:

   ![image](https://i.imgur.com/rnDoDxr.png)

Checking out the link:

![image](https://i.imgur.com/HCQCO8w.png)

We get this string in the pastebin file: `REFDVEZ7U3AzY3RyNGxfQzBtbWl0NV9INHVudDFuZ19MMDV0X1IzcDA1XzkyODF9`

Decoding it reveals the flag:

```bash
$ echo "REFDVEZ7U3AzY3RyNGxfQzBtbWl0NV9INHVudDFuZ19MMDV0X1IzcDA1XzkyODF9" | base64 -d
DACTF{Sp3ctr4l_C0mmit5_H4unt1ng_L05t_R3p05_9281}
```
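
Step 1 says a short hash works as long as it uniquely identifies a commit. The following added example (not part of the original writeup) computes, for a set of object IDs, how many characters each one needs before it is unambiguous; the hashes are constructed placeholders, and `shortest_unique_prefixes`, `resolve` and `exposed_at` are hypothetical helper names.

```python
import os

MIN_ABBREV = 4  # shortest abbreviation git accepts; the length used in the writeup

# Constructed 40-character object IDs (not real commits from any repository).
SAMPLE_SHAS = [
    "47a1c" + "e" * 35,
    "47a1d" + "3" * 35,
    "47b7" + "5" * 36,
    "9f02" + "b" * 36,
]

def shared_len(a, b):
    """Number of leading characters two hashes have in common."""
    return len(os.path.commonprefix([a, b]))

def shortest_unique_prefixes(shas, min_len=MIN_ABBREV):
    """Map each full hash to the shortest prefix length that matches only it."""
    ordered = sorted({s.lower() for s in shas})
    needed = {}
    for i, sha in enumerate(ordered):
        # After sorting, the closest collision is always an immediate neighbour.
        neighbours = ordered[max(i - 1, 0):i] + ordered[i + 1:i + 2]
        shared = max((shared_len(sha, n) for n in neighbours), default=0)
        needed[sha] = max(min_len, shared + 1)
    return needed

def resolve(prefix, shas):
    """Return the one hash matching prefix, None if nothing matches."""
    matches = [s for s in shas if s.lower().startswith(prefix.lower())]
    if len(matches) > 1:
        raise ValueError(f"ambiguous prefix {prefix!r}: {len(matches)} matches")
    return matches[0] if matches else None

def exposed_at(shas, length):
    """Hashes that a prefix of `length` characters identifies unambiguously."""
    needed = shortest_unique_prefixes(shas)
    return sorted(s for s, n in needed.items() if n <= length)

if __name__ == "__main__":
    for sha, n in shortest_unique_prefixes(SAMPLE_SHAS).items():
        print(f"{sha[:n]:<8} needs {n} characters")
    print("resolvable at 4:", [s[:4] for s in exposed_at(SAMPLE_SHAS, 4)])
```

Any commit returned by `exposed_at(..., 4)` is addressable with a four-character URL, so deleting the fork or branch that introduced a secret does not replace rotating the secret itself.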