The Fall of the Great Wall (PwnSec)
Can you pass the Great Wall's defenses and retrieve the hidden artifact? https://greatwall.blob.core.windows.net/ by @CodeBreaker
The challenge was flagged as medium and we 2nd blooded the challenge.
1. Fuzz and find the container name
Since the challenge is related to Azure Blob Storage, the conventional approach is to use a fuzzing tool to search for common container names. I used a tool called goblob, which comes preinstalled with some useful wordlists. The tool gave me this result:
[~] Analyzing container 'storage' in account 'greatwall' (page 1)
[+][C=200] https://greatwall.blob.core.windows.net/storage?restype=container
[~][1/1] Finished searching account 'greatwall'
2. Exploring the container
Now that we have found the storage container, let's explore its contents. I prefer to use Azure Storage Explorer for this because it has an easy GUI and you don't have to worry about request headers. I found a file called connection_info and opened its version history:

The first file had a larger file size, so I just downloaded that file 😂...
3. Examining the zip file
The zip file is password protected... so using John we found that the password is Wall$treet1. Unlocking it, we get these contents:
#This Document should be stored in a secret place
*************************************************
psql connection info:
username: gw_watcher
password: MkhqalhuVUd5cDVhQkdvQ2xCN25OaDY3SDlnOA==
target: dragongate.postgres.database.azure.com
database: dragonlair
*************************************************
4. Connecting to psql database
Using the credentials and psql client we can connect to the provided database. I used this line:
psql -h dragongate.postgres.database.azure.com -p 5432 -U gw_watcher -d dragonlair
Exploring the database, we find the data that we were looking for:
id | name | origin | power_level | guardian | encoded_secret
----+---------------+-------------------+-------------+--------------+------------------------------------------------------------------------------------------------------------------------------
1 | Crimson Scale | Northern Fortress | 8800 | General Wei | Q3JpbXNvbl9TY2FsZV9IZWFydA==
2 | Golden Core | Central Bastion | 9600 | Lady Zhen | R29sZGVuX0NvcmVfUG93ZXI=
3 | Verdant Gem | Eastern Tower | 8700 | Captain Lin | VmVyZGFudF9HZW1fQmxvb20=
4 | Onyx Heart | Southern Gate | 9400 | Lord Chen | T255eF9IZWFydF9TaGFkb3c=
5 | Azure Flame | Western Keep | 9200 | Master Liang | ZmxhZ3s3aDNyM18xbl83aDNfbTE1N18zbjBybTB1NV9tNGozNTcxY181MWwzbjdfNG5kXzczcnIxYmwzXzU3MDBkXzdoM182cjM0N193NGxsXzBmX2NoMW40fQ==
flag{7h3r3_1n_7h3_m157_3n0rm0u5_m4j3571c_51l3n7_4nd_73rr1bl3_5700d_7h3_6r347_w4ll_0f_ch1n4}
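An added example, not part of the original writeup or the challenge: the password in connection_info and the encoded_secret column are only Base64-encoded, which is reversible without any key, so a defender-side scan of config files or table dumps can flag such values simply by decoding them. The function names and the 16-character minimum are assumptions; the sample lines are copied from the output shown above.

```python
import base64
import binascii
import re

# Candidate token: 16+ Base64 characters, optional padding, not embedded in a longer run.
B64_TOKEN = re.compile(
    r"(?<![A-Za-z0-9+/=])[A-Za-z0-9+/]{16,}={0,2}(?![A-Za-z0-9+/=])"
)

def decode_if_text(token):
    """Return the decoded string if token is valid Base64 of printable ASCII, else None."""
    if len(token) % 4:
        return None
    try:
        raw = base64.b64decode(token, validate=True)
        text = raw.decode("ascii")
    except (binascii.Error, ValueError):  # UnicodeDecodeError is a ValueError
        return None
    return text if text.isprintable() else None

def find_reversible_secrets(text):
    """List (line_number, token, decoded) for every Base64 value that decodes to text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for match in B64_TOKEN.finditer(line):
            decoded = decode_if_text(match.group())
            if decoded is not None:
                findings.append((lineno, match.group(), decoded))
    return findings

# Sample input: lines taken from the connection_info file and the table above.
SAMPLE = """\
username: gw_watcher
password: MkhqalhuVUd5cDVhQkdvQ2xCN25OaDY3SDlnOA==
1 | Crimson Scale | Northern Fortress | 8800 | General Wei | Q3JpbXNvbl9TY2FsZV9IZWFydA==
5 | Azure Flame | Western Keep | 9200 | Master Liang | ZmxhZ3s3aDNyM18xbl83aDNfbTE1N18zbjBybTB1NV9tNGozNTcxY181MWwzbjdfNG5kXzczcnIxYmwzXzU3MDBkXzdoM182cjM0N193NGxsXzBmX2NoMW40fQ==
"""

if __name__ == "__main__":
    for lineno, token, decoded in find_reversible_secrets(SAMPLE):
        # Report the finding; show only a short prefix of the decoded value.
        print(f"line {lineno}: Base64 value decodes to text ({decoded[:5]}..., {len(decoded)} chars)")
```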