search
blog

Cloudy with a chance of meatball

Difficulty
Points
Solves

Medium

500

3

hashtag
Description

Today in school, I learnt to code in HTML! View my brand new website! www.lncctf2023.tkarrow-up-right Hint 1: Identify how the website is hosted using what services

Hint 2: Enumerate your role and the allowed actions

Viewing the website, we can identify that it is hosted on some azure services

Since there isnt much information, other than the domain name, we can use MicroBurst arrow-up-rightto perform unauthenticated enumeration.

Refering to HackTricks

LogoPage not found - HackTricks Cloudcloud.hacktricks.xyzchevron-right

From the MicroBurst output, I have identified 2 files, /private/instructions.txt and /root/flag.txt

The /root/flag.txt shows a troll flag but /private/instructions.txt has some juicy information.

Since I have a set of credentials, we are able to use Azure PowerShell module to login with the service principal

Next, I can enumerate the resources our service principal has access to using Get-AzResource

I manage to identify that there is another storage account called lncctf2023private. I am then able to retrieve the flag from the private storage account

Flag: LNC2023{aZuR3_pUbL1C_c0ntAiN3R_i3_n0T_s0_s3cuR3}

PreviousPickle RickNextNYP InfoSec December CTF 2022

Last updated