Cloudy with a chance of meatball
Medium
500
3
Today in school, I learnt to code in HTML! View my brand new website!
Hint 1: Identify how the website is hosted using what services
Hint 2: Enumerate your role and the allowed actions
Viewing the website, we can identify that it is hosted on Azure services.
Referring to HackTricks
From the MicroBurst output, I have identified 2 files, /private/instructions.txt and /root/flag.txt. The /root/flag.txt shows a troll flag but /private/instructions.txt has some juicy information.
Since I have a set of credentials, I am able to use the Azure PowerShell module to log in with the service principal.
Next, I can enumerate the resources our service principal has access to using Get-AzResource.
I manage to identify that there is another storage account called lncctf2023private. I am then able to retrieve the flag from the private storage account.
Flag: LNC2023{aZuR3_pUbL1C_c0ntAiN3R_i3_n0T_s0_s3cuR3}
Since there isn't much information other than the domain name, we can use it to perform unauthenticated enumeration.
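
As the defender's counterpart to the enumeration in this writeup, the following added example (not part of the original challenge or writeup) classifies each blob container by its anonymous-access level and the account-level AllowBlobPublicAccess switch. The sample inventory and the account names in it are constructed; the hypothetical helper Get-LiveContainerInventory assumes an authenticated Az session that is allowed to read storage account keys.

```powershell
# Added example: flag blob containers that allow anonymous access.
function Test-ContainerExposure {
    param(
        [Parameter(Mandatory)] [string] $Account,
        [Parameter(Mandatory)] [string] $Container,
        [string] $PublicAccess,                   # Off | Blob | Container
        [Nullable[bool]] $AllowBlobPublicAccess   # account-level switch, $null when never set
    )
    $finding = if ($PublicAccess -notin 'Blob', 'Container') {
        'OK: container is private'
    } elseif ($AllowBlobPublicAccess -eq $false) {
        'OK: container ACL is public, but the account-level switch blocks anonymous access'
    } elseif ($PublicAccess -eq 'Container') {
        'EXPOSED: anonymous users can list and read every blob'
    } else {
        'EXPOSED: anonymous users can read any blob whose URL they know'
    }
    [pscustomobject]@{ Account = $Account; Container = $Container; Finding = $finding }
}

# Hypothetical helper: builds the same records from a live subscription.
function Get-LiveContainerInventory {
    foreach ($sa in Get-AzStorageAccount) {
        foreach ($c in Get-AzStorageContainer -Context $sa.Context) {
            [pscustomobject]@{
                Account               = $sa.StorageAccountName
                Container             = $c.Name
                PublicAccess          = "$($c.PublicAccess)"
                AllowBlobPublicAccess = $sa.AllowBlobPublicAccess
            }
        }
    }
}

# Constructed sample inventory so the script runs offline.
$inventory = @(
    [pscustomobject]@{ Account = 'examplepublicsa';  Container = 'site';    PublicAccess = 'Container'; AllowBlobPublicAccess = $null }
    [pscustomobject]@{ Account = 'examplepublicsa';  Container = 'assets';  PublicAccess = 'Blob';      AllowBlobPublicAccess = $null }
    [pscustomobject]@{ Account = 'examplelockedsa';  Container = 'legacy';  PublicAccess = 'Container'; AllowBlobPublicAccess = $false }
    [pscustomobject]@{ Account = 'exampleprivatesa'; Container = 'secrets'; PublicAccess = 'Off';       AllowBlobPublicAccess = $false }
)
# $inventory = Get-LiveContainerInventory   # uncomment to audit a real subscription

$inventory | ForEach-Object {
    Test-ContainerExposure -Account $_.Account -Container $_.Container `
        -PublicAccess $_.PublicAccess -AllowBlobPublicAccess $_.AllowBlobPublicAccess
} | Format-Table -AutoSize -Wrap
```

Containers reported as EXPOSED can be closed with Set-AzStorageContainerAcl -Permission Off, or for the whole account with Set-AzStorageAccount -AllowBlobPublicAccess $false. Any credentials stored in a container that was exposed should be rotated, since the service principal in this challenge was reachable from exactly such a file.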