catalog commits

Last updated 3 months ago

Description

We have hired a talented developer to join our Azure team. However, he is a serial yapper, always yapping about his new project cat-a-log.

Hint: You'll need to call upon the powers of OSINT to find what you're looking for.

Solve

Given the title catalog commits, as well as the free hint mentioning OSINT, this is most likely a GitHub OSINT challenge.

Searching GitHub for the repository name cat-a-log and sorting by recently updated, we can see a repository that was updated close to the start time of the CTF.

Looking at the GitHub organization that owns the repo, we noticed a cipher string in its description.

Plugging it into CyberChef returns the value cyberleague2025, which suggests that we are on the right track.

Looking at the git commits, there are only 2 commits, both being relatively short.

Looking at the git diff, we noticed that the code uses a SAS token to access the storage account. Note that there are two separate SAS tokens. As SAS tokens are well documented, I will not explain them further here; NetSPI has a very good blog post documenting in depth how SAS tokens work.

Using Azure storage explorer, we are able to attach to the container and retrieve the flag.

Attempting to paste the SAS URL as-is, Storage Explorer responds with the error URL must not have a path.

This is because the SAS URL points at the specific object /public/my-awesome-content.zip. If we remove the object path and keep only the container URL plus the token, we should be able to connect successfully.

Azure Storage Explorer is also able to parse the token and let us know what permission we have.
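To do what Storage Explorer does here by hand, and to catch the same class of mistake before it reaches a commit, the following added example (my own code, not part of the challenge or the NetSPI post) parses a SAS URL, strips the object path down to the container URL, and flags the token properties a reviewer cares about: resource scope, list/write permissions and expiry. The URL, account name and signature are constructed placeholders, not the challenge's real token.

```python
from urllib.parse import urlsplit, parse_qs, urlunsplit
from datetime import datetime, timezone

# Constructed sample: a blob URL with a container-scoped service SAS appended,
# the shape described in the writeup. Account name and sig are placeholders.
SAMPLE_SAS_URL = (
    "https://examplestorage.blob.core.windows.net/public/my-awesome-content.zip"
    "?sv=2022-11-02&sr=c&sp=rl&se=2030-01-01T00:00:00Z&sig=PLACEHOLDERSIG"
)

# 'sr' values used by service SAS tokens; an account SAS carries 'ss' instead.
RESOURCE_SCOPE = {"b": "blob", "c": "container", "d": "directory", "s": "share", "f": "file"}

def parse_sas(url: str) -> dict:
    """Split a SAS URL into its resource path and the signed query fields."""
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    return {
        "account": parts.netloc.split(".")[0],
        "path": parts.path,
        "scope": RESOURCE_SCOPE.get(q.get("sr", ""), "account" if "ss" in q else "unknown"),
        "permissions": q.get("sp", ""),
        "expiry": q.get("se"),
    }

def container_url(url: str) -> str:
    """Drop the object path so the token can be attached at container level,
    which is what Storage Explorer wants when it says 'URL must not have a path'."""
    parts = urlsplit(url)
    container = parts.path.strip("/").split("/")[0]
    return urlunsplit((parts.scheme, parts.netloc, f"/{container}", parts.query, ""))

def sas_findings(url: str, now=None) -> list:
    """Return review findings for a SAS URL; 'now' is injectable for testing."""
    now = now or datetime.now(timezone.utc)
    info = parse_sas(url)
    findings = []
    if info["scope"] in ("container", "account"):
        findings.append(f"scope is {info['scope']}-wide, not a single blob")
    if "l" in info["permissions"]:
        findings.append("list permission lets a holder enumerate every blob in scope")
    if set(info["permissions"]) & set("wdac"):
        findings.append("write/delete/add/create permissions granted")
    if info["expiry"]:
        exp = datetime.fromisoformat(info["expiry"].replace("Z", "+00:00"))
        if (exp - now).days > 30:
            findings.append(f"expiry {info['expiry']} is more than 30 days out")
    return findings
```

Run over the sample, it reports a container-wide token with list permission and a multi-year expiry, which is exactly why the private folder was reachable from a URL that looked like it only named one zip file.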

Connecting to the container, we noticed that there is a private folder, and within it is the file flag.txt.

Flag: CYBERLEAGUE{aLw4ys_cH3ck_y0uR-s@s}

Further Discussion

This challenge was actually inspired by an IRL case study I found in a Wiz security blog post a few years ago.

https://www.wiz.io/blog/38-terabytes-of-private-data-accidentally-exposed-by-microsoft-ai-researchers
NetSPI: Azure SAS Tokens for Web Application Penetration Testers