Latest

The challenge provides Access Keys that allows for IAM enumeration that leads to an additional user policy from the Permission Boundary. The policy allows for a specific S3 bucket enumeration. From there, a KMS decryption key was found and is used to decrypt and download unauthorized sensitive files such as the flag

The challenge provides Access Keys that is used to authenticate as a user that has the sts:AssumeRole permission. It is then used to escalate privileges by impersonating a role that was created leading to an S3 bucket compromise revealing the flag

Discovered a running webpage that allowed for registration. After logging in, it was revealed an outdated version of Camaleon CMS instance which was vulnerable to CVE-2024-46987 (Authenticated Arbitrary File Read). Leveraging that vulnerability to grab SSH keys on getting initial access. Finally, gained root access by exploiting a sudo misconfiguration using the facter command/binary.

The challenge provides JSON credentials that can be used to authenticate and enumerate GCP resources which includes IAM roles and service account emails that has admin permissions

The challenge provides Access Keys that are used to authenticate to the AWS instance and enumerate AWS IAM resources & Lambda function permissions. Leveraging those permissions, we can invoke a Lambda function to retrieve the hidden flag