Cloud - Jimmy Builds a Kite

373 points | 94 solves

Last updated 2 years ago

Description

Solution

The game is quite straightforward; there is not much that we can do here.

Checking out the source code, it seems like this game is written in Python and the main game logic is in /adventure.py. The game is simple and there are no signs of how to get a flag. At this point, I went back to read the challenge description and it mentioned "really cheap hosting provider". Looking at the challenge URL, the game appears to be hosted on Google Cloud, and instead of navigating to the given https://jimmys-big-adventure.storage.googleapis.com/index.html, I navigated to https://jimmys-big-adventure.storage.googleapis.com.

We finally have a lead here. There is a flag.txt in the bucket but accessing it directly returns the code AccessDenied.

But luckily, there is another file credentials.json that is not protected.

Now, all that is left to do is to figure out how to authenticate using the leaked credentials and call the Cloud Storage API to retrieve the flag. What I did was to first download the credentials file, run PowerShell and set the credentials in the environment using the command: $env:GOOGLE_APPLICATION_CREDENTIALS="<path_to_credentials_json_file>". I then ran the following script to get the flag.

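# Import the Google Cloud Storage client library
from google.cloud import storage

# Instantiate a client; it reads the key file named in GOOGLE_APPLICATION_CREDENTIALS
storage_client = storage.Client()
bucket = storage_client.get_bucket("jimmys-big-adventure")

# Download flag.txt and decode it as UTF-8 text
# (download_as_bytes replaces the deprecated download_as_string)
blob = bucket.blob("flag.txt")
flag = blob.download_as_bytes().decode("utf-8")

print(flag)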

Flag: DUCTF{Th0se_cr3ds_w3r3nt_m34nt_2_b33_th3r3}
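Seen from the bucket owner's side, the two conditions this solution relied on (a bucket root that lists its objects anonymously, and a key file in that listing that is readable while flag.txt is not) can be checked mechanically. The following is an added example, not part of the original writeup: the listing and key file are constructed samples, and `fetch` is a hypothetical callable standing in for an unauthenticated GET against your own bucket.

```python
import json
import re
import xml.etree.ElementTree as ET

# Constructed sample of the XML listing an anonymously listable bucket root returns.
SAMPLE_LISTING = """<ListBucketResult xmlns='http://doc.s3.amazonaws.com/2006-03-01'>
  <Contents><Key>adventure.py</Key><Size>4096</Size></Contents>
  <Contents><Key>credentials.json</Key><Size>2345</Size></Contents>
  <Contents><Key>flag.txt</Key><Size>44</Size></Contents>
  <Contents><Key>index.html</Key><Size>1024</Size></Contents>
</ListBucketResult>"""

# Constructed stand-in for a service account key file; every value is a placeholder.
SAMPLE_KEY = json.dumps({
    "type": "service_account",
    "private_key": "PLACEHOLDER",
    "client_email": "example@example-project.iam.gserviceaccount.com",
})

# Heuristic: object names that should never appear in a public listing.
SENSITIVE_NAME = re.compile(r"credential|secret|service[-_]?account|\.(pem|key|env)$", re.I)

def listed_keys(listing_xml):
    """Return object names from a ListBucketResult, ignoring the XML namespace."""
    root = ET.fromstring(listing_xml)
    return [el.text for el in root.iter() if el.tag.rsplit("}", 1)[-1] == "Key"]

def is_service_account_key(body):
    """True if body is JSON carrying the fields of a service account key."""
    try:
        doc = json.loads(body)
    except ValueError:
        return False
    return isinstance(doc, dict) and doc.get("type") == "service_account" and "private_key" in doc

def audit(listing_xml, fetch):
    """fetch(name) returns the anonymously readable body, or None for AccessDenied."""
    findings = []
    for key in listed_keys(listing_xml):
        body = fetch(key)
        if body is not None and is_service_account_key(body):
            findings.append((key, "readable service account key"))
        elif SENSITIVE_NAME.search(key):
            findings.append((key, "sensitive name in public listing"))
    return findings

if __name__ == "__main__":
    public = {"credentials.json": SAMPLE_KEY, "index.html": "<html></html>"}
    print(audit(SAMPLE_LISTING, public.get))
```

Any key reported as readable should be treated as compromised: revoke it in IAM and remove the object, since restricting the listing afterwards does not undo an earlier download.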

[Screenshots, in order: Game; Source code; Root URL; AccessDenied; credentials.json]