Viewing the commit history, we noticed a mention of a security incident.
Viewing the activity, we found a force push request.
Looking at the initial commit, we found a Google Cloud service account key.
The service account name is npm-reader. Looking at the package-lock.json, there's a reference to Artifact Registry.
Following the Artifact Registry documentation, we are able to authenticate and pull the packages.
Looking at the postinstall.js of the secrets menu, we see a reference to a secret in Google Cloud Secret Manager, as well as a base64 encoded service account.
We are then able to authenticate and retrieve the flag.
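
A defensive check for the two leak patterns in this writeup, a service account key committed in plain form and one base64-encoded inside a script such as postinstall.js. This is an added example, not part of the original writeup; the function names and the sample key are constructed for illustration.

```python
import base64
import binascii
import re

# Fields that identify a Google service account key file.
TYPE_RE = re.compile(r'"type"\s*:\s*"service_account"')
EMAIL_RE = re.compile(r'"client_email"\s*:\s*"([^"]+)"')
KEY_RE = re.compile(r'"private_key"\s*:\s*"-----BEGIN')
# Long base64 runs that could hide an encoded key file.
B64_RE = re.compile(r'[A-Za-z0-9+/]{40,}={0,2}')


def _match_key(text):
    """Return the client_email if text holds a service account key, else None."""
    if TYPE_RE.search(text) and KEY_RE.search(text):
        m = EMAIL_RE.search(text)
        return m.group(1) if m else "<unknown>"
    return None


def find_sa_keys(text):
    """Find plain and base64-wrapped service account keys in a file's text."""
    findings = []
    email = _match_key(text)
    if email:
        findings.append(("plain", email))
    for run in B64_RE.findall(text):
        try:
            decoded = base64.b64decode(run, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            continue  # not valid base64 text, ignore
        email = _match_key(decoded)
        if email:
            findings.append(("base64", email))
    return findings


# Constructed sample data: a fake key with placeholder key material,
# and a script line embedding it base64-encoded.
FAKE_KEY = ('{"type": "service_account", "client_email": '
            '"example-sa@example-project.iam.gserviceaccount.com", "private_key": '
            '"-----BEGIN PRIVATE KEY-----\\nPLACEHOLDER\\n-----END PRIVATE KEY-----\\n"}')
SAMPLE_JS = 'const sa = "%s";\n' % base64.b64encode(FAKE_KEY.encode()).decode()

if __name__ == "__main__":
    print(find_sa_keys(FAKE_KEY))
    print(find_sa_keys(SAMPLE_JS))
```

Run it over every blob reachable from the repository, including commits that a force push removed from the branch, since those can remain retrievable on the hosting side.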