9447 Security Society CTF 2014 - Bashful and Coffee Writeup
After it was made easier the challenge became too easy. Infact for solving this task it was just needed to download this git .pack file:
and unpack it with:
git unpack-objects < pack-deff83d57714493c6d317394f3542da8e396f887.pack
and grab flag:
git cat-file blob 2d28acf09fc4424f7e1701bd7c8a6df29e6c9fe1
Another pretty easy challenge was coffee which involved another web app with nodejs and express. Basically it was about basic NoSQL injection in the username and password field using socket.io library. To know it was about NoSQL you should have spotted the /nodes_modules/ directory where you could have seen mongodb directory.