CipherSpokes NetOps

Checking the DNS, we can see that the challenge is hosted on AWS S3.

Since the challenge hint mentioned fuzzing, lets fuzz for other possible bucket name.

ffuf -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u http://hexnova.quest -H "Host: FUZZ.hexnova.quest"

We got a hit on gateway.hexnova.quest.

Vieweing the page source of gateway, we found a link to google cloud storage as well as a command to get the flag.

Viewing the index.html, we see multiple reference to a file called key.zip

We are able to then download the key.zip file.

The zip file has a password which is trivial to crack.

With that, we are able to activate the service account and get the flag.

gcloud auth activate-service-account --key-file=key.json

Last updated 4 months ago

Was this helpful?