SignStealingSoftware-P2 UMDCTF2020

Introduction

I finally decided to make my first writeup for a CTF challenge. It is a web exploitation one, for a challenge called SignStealingSoftware-P2 from the UMDCTF2020. I know it’s too late since the CTF ended 4 days ago, but there are no writeups for this challenge 😒 and so I decided to make one for it 🙃.

TL;DR

- Leak the /etc/passwd file with an LFI
- Target the gitserver user and know that there is a git repo inside his home directory
- Get the commits made to the repo in order to get the flag

The Challenge description

Overview

Visiting the website, we get a select menu