🚩
HACKBOOK OF A HACKER
  • README
  • CTF Writeups
    • Intigriti Challenges
      • 1223
    • ASIS CTF quals 2022
      • Beginner Ducks
    • CSAW 2022
      • Dockreleakage
      • My Little Website
      • Word Wide Web
    • Cybersecurityrumble CTF 2022
      • Crymeplx
      • Revmeplx
    • HTB University CTF 2023
      • Rev
        • Windowsofopportunity
    • Metared 2022
      • 1x02..ware
      • Backwards
    • Reply CTF 2022
      • Dungeons And Breakfast
    • Teamitaly CTF 2022
      • Flag Proxy
    • MOCA CTF 2024 Quals
      • RaaS [WEB]
  • Smart Contracts Security
    • Code 4 Rena
      • High Risk Findings
        • Anyone Can Pass Any Proposal
        • Arithmetic Rounding
        • Can Vote Multiple Times By Transferring NFT In Same Block As Proposal
        • Never Ending Proposal
        • Reusing Signatures
        • Signature Verification Can Be Bypass With Zero Address
        • Untyped Data Signing
        • Wrong Calculation Of Apr
      • Low Risk Non Critical
        • Dont Check If Some Entity Actually Exists
      • Medium Risk Findings
        • Bypass Signature Validity Check
        • Copy Of Lack Of Verification In Hashes
        • Function May Run Out Of Gas Leading To Loss
        • Incorrect Initialization Of Smart Contracts With Access Control Issue
        • Invalid Signature Lead To Access Control
        • Lack Of Checks If One Entity Get Hacked
        • Lack Of Verification In Hashes
        • Missing Upper Limit
        • Missing Zero Address Checks
        • Possible Dos Because Unbounded Loop Can Run Out Of Gas
        • Too Much Trust To Certain Roles
        • Unreversable Actions
        • Useless Nft
  • T.I.L.
    • 16 09 22
Powered by GitBook
On this page
  1. CTF Writeups
  2. CSAW 2022

Dockreleakage

REV | 52 pts - 440 solves

Description: A breach occurred and some files have been leaked. One of the leaked files named dockREleakage.tar.gz contains an image of one of the company's components. An anonymous hacker has reached out to me and beware me that there is some serious mistake in my build image process. The hacker implies that sensitive information should be handled carefully. However, I couldn't find the mistake by myself. Please help me!

The challenge provides you dockREleakage.tar.gz, so pretty straight forward: tar xvf dockREleakage.tar --directory dockREleakage cd into folder and you'll find different layers of a docker image. In the first json you'll find the history of docker commands and in particular these two are useful for us:

    {
        "created": "2022-09-03T07:46:12.680399343Z",
        "created_by": "/bin/sh -c echo \"ZmxhZ3tuM3Yzcl9sMzR2M181M241MTcxdjNfMW5mMHJtNDcxMG5fdW5wcjA=\" \u003e /dev/null",
        "empty_layer": true
    },
    {
        "created": "2022-09-03T07:46:13.319972067Z",
        "created_by": "/bin/sh -c cat p-flag.txt \u003e tmp.txt; rm -rf flag.txt p-flag.txt; mv tmp.txt flag.txt; echo \"\" \u003e\u003e flag.txt"
    },

First command == first part of the flag, that is clearly a base64 encoded string:

$ echo "ZmxhZ3tuM3Yzcl9sMzR2M181M241MTcxdjNfMW5mMHJtNDcxMG5fdW5wcjA=" | base64 -d
flag{n3v3r_l34v3_53n5171v3_1nf0rm4710n_unpr0

Second command == second part of the flag, unsuccessful attempts to hide the flag as you can find them in the various layers inside the layer.tar

$ cd 928ab519cd995aeae5eced3dbe4b7e86c8bc7f7662ef0f73e59c2f30b2b3b8e4
$ tree layer && cat layer/chal/flag.txt
layer
└── chal
    └── flag.txt
    
73c73d_w17h1n_7h3_d0ck3rf1l3}
Find the rest of the flag by yourself!

flag{n3v3r_l34v3_53n5171v3_1nf0rm4710n_unpr073c73d_w17h1n_7h3_d0ck3rf1l3}

PreviousCSAW 2022NextMy Little Website

Last updated 1 year ago

Check out also this nice tool to explore docker image layers:

https://github.com/wagoodman/dive