8 lines
885 B
Markdown
8 lines
885 B
Markdown
## Difficulty
|
|
??
|
|
## Category
|
|
Forensics
|
|
## How To Solve
|
|
First, load the Docker image using `docker load -i dockersecrets`. You can then explore the image layers with `docker history dockersecrets`. Observe that two environment variables are set in the Docker image, a Postgres URL and a Postgres key. Use the flag `--no-trunc` to show the entire variables, instead of their truncated version. You can see from the URL that these values belong to a Supabase instance. When you connect to the database, you will see that the table `users` contains three columns: `id`, `has_flag`, and `password`. The password field of the record where the has_flag option is set contains a base64 encoded version of the flag. Use CyberChef to learn this password encoding. You can use a [simple Python script](writeup.py) to extract the flag.
|
|
## Flag
|
|
`IGCTF{N0t_th3_s4f3st_w4y_t0_st0r3_p4ssw0rds_h4H4}` |