EkoPartyCTF – Docs
EkoParty CTF 2020 Git 2
Exact prompt has been forgotten. Linked to this GitHub repo
As I mentioned in the writeup for leak, I was in a very
githubby mindset when I started this challenge. For that reason, I solved this challenge first.
A quick inspection of the repo shows that it features an accidentally committed SSH private key and matching public key. I copied the text of these out of the commit log, and into chall and chall.pub. Now I have ssh access, however what to?
The next part of this challenge involves the git actions for the repo, in
.github/workflows/. In there we get an
issue-bouncer.yml and corresponding
issue-bouncer.py. Reading through these two, we notice something useful:
The python script essentially moves an issue to that
DST_REPO, so I figured why not try to clone it?
eval `ssh-agent` && ssh-add chall && git clone firstname.lastname@example.org:ekoparty2020/ekoparty-internal.git
Note: I had to modify permissions on the private key
challto get this to work.
This clones the internal repo, which conveniently features our flag in the root
~ Lyell Read