commit 3eebf5778e63d897fe8f7a58d7ece4255be28e20 Author: Louis Burda <quent.burda@gmail.com> Date: Thu, 14 Mar 2024 20:32:22 +0100 Add solution Diffstat:
| A | chall/flag | | | 1 | + |
| A | chall/notes | | | 31 | +++++++++++++++++++++++++++++++ |
2 files changed, 32 insertions(+), 0 deletions(-)
diff --git a/chall/flag b/chall/flag @@ -0,0 +1 @@ +CSCG{did_you_know_about_mirror_clones?} diff --git a/chall/notes b/chall/notes @@ -0,0 +1,31 @@ +Check events api: +https://api.github.com/repos/VoidCollective/TheGreatNothing/events +=> shows create 2 events; one for the repo and one for main branch + +There are no commits: +https://api.github.com/repos/VoidCollective/TheGreatNothing/commits + +Looking around the api we find: +https://api.github.com/repos/VoidCollective/TheGreatNothing/git/refs +Shows a single ref with blob and ref atomic/origin + +take that blob and decode -> flag + +but why atomic/origin? + +heres a nice one-liner to try check out api endpoint with timeout: +curl https://api.github.com/repos/VoidCollective/TheGreatNothing + | jq 'with_entries(select(.key | endswith("_url"))) | .[] | select(type == "string")' + | cut -d{ -f1 | xargs -I{} -- "sleep 5 && curl -L {}" + +beware you run into the api limit very quickly + +looks like it was uploaded with the blobs api: +https://docs.github.com/en/rest/git/blobs?apiVersion=2022-11-28 + +so what was the idea behind:? +A friend of mine keeps nagging me to stop using GUI git tools. Tells me I am missing something... +He set up this repo to prove it. But it is empty: https://github.com/VoidCollective/TheGreatNothing + +maybe that the gui will create a git event and if you use the api directly you can +create one without?