For this challenge, i tried plugging the MCP.json to the claude desktop config but there were some error. Instead we shall use postman to interact with the MCP Server.
First lets list out the different tools that are available.
Running the discover resource tool, we found a existing key vault.
Next, we can use the test_keyvault_access and get_secrets_from_keyvault to try and retrieve the flag.
However, all the secrets within the dev keyvault are all placeholder. Lets try changing from dev to prod to see if we can access the prod keyvault data.
We have access over the prod keyvault and able to retrieve the flag.
