885 B
Difficulty
??
Category
Forensics
How To Solve
First, load the Docker image using docker load -i dockersecrets. You can then explore the image layers with docker history dockersecrets. Observe that two environment variables are set in the Docker image, a Postgres URL and a Postgres key. Use the flag --no-trunc to show the entire variables, instead of their truncated version. You can see from the URL that these values belong to a Supabase instance. When you connect to the database, you will see that the table users contains three columns: id, has_flag, and password. The password field of the record where the has_flag option is set contains a base64 encoded version of the flag. Use CyberChef to learn this password encoding. You can use a simple Python script to extract the flag.
Flag
IGCTF{N0t_th3_s4f3st_w4y_t0_st0r3_p4ssw0rds_h4H4}