 what's up guys this is a youtube video for the challenge huge from tjctf a recent capture flag competition this doesn't have a whole lot of solves and i think a lot of people got pretty frustrated with it because it didn't seem like a web attack or really anything to start off with so you have to do a decent amount of reconnaissance and just kind of guess and poke at it a little bit um the challenge prompt is don't think too deep and it gives us a ip address and what seems to be a location on it so some people would try this in the web browser like okay go to that location but it says the site can't be reached that there was no location for it so uh i figured well okay i'll do whatever reconnaissance i can over in the terminal i'll actually go ahead and end map that ip address and this will get us some results uh some of them may be red herrings and what we're taking what we're thinking through and that okay there's ssh we have port 80 supposedly open but we didn't seem that way uh 5901 i didn't do anything with but i was very curious with 9418 because that was supposedly git so i never heard of that before i actually checked out git 9418 and i tried to understand a little bit more of that on a google to do my research i don't know why that browser thing never works so i checked this out and reading a little bit about it it says it's actually just the git protocol and okay control f in for that was not very good but if i check out 9418 it says okay you can use that through the git like notation here not just HTTP or whatever the key or sf tp whatever but it's literally git as a protocol so we could actually try and run that git clone with git and then that location and we get cloning into huge all right cool it looked like it's actually doing something but compressing objects one out of 307 that took a lot of time and it actually spits up out as it breaks out of memory malloc failed that didn't work so i tried all right what about just without the file there without the folder huge whatever looks like it got something so i tried to move into that directory it says this is not the flag dot image i want to try and cut that out but it didn't do anything however it says there's actually a lot there like a hundred megabytes there so i checked it out in hex edit and this was just kind of funny it's literally a bunch of null bytes cool whatever let me out please let me leave please let me out of hex edit thank you so huge dot git there was nothing in here other than just looked like a git repo i tried to strings everything on this i tried to drip for flag etc etc so i realized okay i've got to get around this huge git thing that i tried to run before but it just wouldn't let me so i figured well is there any way that i could just get a portion of the file system or of the repository just download or get clone a couple of it so i tried to research that git clone um only some of the repository only some files yeah and it says after i dig this up for a little bit i want to find i don't know if i'll be able to exactly find oh yeah here it is here i was trying to track down to see if i could find the exact result and answer that i was looking for if you go ahead and get clone it you can specify a depth of one or whatever depth or how far you want to go only get the most recent revision of each file so i tried that i tried to get clone setting depth equal to one and i could get clone that it got something huge check it out and we have flag dot text that is our flag awesome so we could say that if we wanted to write i suppose if you want to do write a get flag script not entirely necessary but that is that for a couple 20 25 points i think on the game yeah 25 points so sweet uh just worthy of poking at banging your head against the wall and trying to figure it out a little bit uh hope that was pretty cool and i hope you enjoy it hey i want to give a special shout out to my supporters here the people that love me on patreon thank you guys so much one dollar a month on patreon will give you a special shout out at the end of your video just like this uh five dollars a month on patreon will give you early access to all of my videos before they release on youtube if you did like this video and you want to see more capture the flag video write ups or other programming tutorials stuff that i do please do like comment and subscribe that sincerely helps um join the discord server link in the description there's a cool community of ccf players programmers hackers and so if you want to join a game with me or anyone else that's the right place to do it it's awesome for collaboration i hope to see you guys on patreon that would be phenomenal and as always i hope to see you in the next video thanks