### Followup of Leak challenge

Lets look at the additional files that were changed with the `oops` commit.
There is:

1) private SSH Key
```
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
NhAAAAAwEAAQAAAYEA0SkvG4eQdnLVMa0tCbK5WJsP6STzq+zdwUbXa3bMF7uwJ6MaIbDV
+w+oD7eaB29zGqdlzEqo97pA6wVoC/6n4gn1OIORXNSeEJHnQ04g6tvmHmp2i4Csj6q764
PpWcDiIXzV0pYmsSiPmKoBMvp/LOGYTxkGG6T48Q1v9rm5+4s+tBvj8e6ugVb5kWZR3tiF
spZhtVmoC96RxbCfN1Mn4MhXbz6mKA5I1Svv/hOCBl2il8B7LdrFQvugxFNWBd4yVxanrp
2PkN/3YMVlyGxe6qWBhibrBM4h84z1+ysJOLdWlvmn20RLe2g3IceyjP4Qz/wgTmJ7cFQO
ajhvS9q6+oW001TCKkMZ9lgF7XAYHODneJDDQELf/HLxbHIgKSekUvvhTyMMfICSQnvzmW
HUZdffxb/o/cYu3SIhE+EqglD8954qJyrzI7z763f+Nj/ccPp4mPt4CRLSGYzG+ui3rfhr
lHsOvG489g0ZSUjrUjcz/zLKTbVGuW2P+G5lDAB3AAAFmB7rrkUe665FAAAAB3NzaC1yc2
EAAAGBANEpLxuHkHZy1TGtLQmyuVibD+kk86vs3cFG12t2zBe7sCejGiGw1fsPqA+3mgdv
cxqnZcxKqPe6QOsFaAv+p+IJ9TiDkVzUnhCR50NOIOrb5h5qdouArI+qu+uD6VnA4iF81d
KWJrEoj5iqATL6fyzhmE8ZBhuk+PENb/a5ufuLPrQb4/HuroFW+ZFmUd7YhbKWYbVZqAve
kcWwnzdTJ+DIV28+pigOSNUr7/4TggZdopfAey3axUL7oMRTVgXeMlcWp66dj5Df92DFZc
hsXuqlgYYm6wTOIfOM9fsrCTi3Vpb5p9tES3toNyHHsoz+EM/8IE5ie3BUDmo4b0vauvqF
tNNUwipDGfZYBe1wGBzg53iQw0BC3/xy8WxyICknpFL74U8jDHyAkkJ785lh1GXX38W/6P
3GLt0iIRPhKoJQ/PeeKicq8yO8++t3/jY/3HD6eJj7eAkS0hmMxvrot634a5R7DrxuPPYN
GUlI61I3M/8yyk21Rrltj/huZQwAdwAAAAMBAAEAAAGASaz1IABfnamTeV0j6S+gZBqyvx
A6GQxljIhUp1EAUTfWtA+ay9VLepUoQOkOg6H5bKEclZqS7DgaV+7emKMKJfAWBeMqWAW4
6+NJEAc8Rx5Qb9RWj4syvaSJb0tW7juoK92aQASN+odsFX2E0J02IOwSR4JsCV7SJa7zCn
ifj4CcBLtyTq0hoQOvA02EdzfT2HVqU4QSUqQCux0c6FMNT/uh+NiblK57b0N71QawHWfs
NwIhIaTXKWITXjRwr751X/PgqvJWcowHupVniArL25DJzSnPJ7EDj3yJE5x1Bwnl5QIcQy
+7aLLV2McPDbgt38NtVaQW08VVnU9YwSe6iu3CikX2DtCThWqY5YUIC4gvDKV244PNZpDk
dihXn6AziCe65X3y0kYDVJEwfaay5yq2x4hpH/GtUJ+bnSTyvWx5aYJkNJjo35aKwuMkwP
OoGYfgGY//aVgeWLPIDCCGZk5F2u7EqJTgw7ocztVbvmZKoNTreHXSlWzkbNT0CqupAAAA
wF3IprosVTJ47w0i7GiD/o/v/jOx/pEYe1HF8oxpByUtrdgKPdYLuRU46IJID6itNLAXN6
5dS7MAHLC2Gbpr+zzb6bEyFAgHtVzfAe3iZqEv7IBPn/YvS8OcMDznp6PbIoSUBL1SM2DQ
bWpzPOoVHfw0rzM4tDTdhyALCvvH2aN85tlTsAVK2D41Us+omSUyrsyCIvxWz5eCkavz+D
SEV4mw9T+iklNB9QEKwwOUfTiLC3avXK/XOiKseALY98m/YQAAAMEA7D8WMfO7bRnoGdKY
J4XTO2bHQJGBDJmx7Yc+JiKsPAjt/39fU/9T6j+StGXl3tB2jLX65P0xRpQAH1CNW7jVVh
tATUGIQFemaMRH5XGNrLax2NJwP4//kwAt2TQK2fReDEr8IS0ZCi9ExgTj6kPdmwaC7myW
l+1c79Wf+6lRLiAaxIt+2oLfYX4/aQn/Yjg2Kp1ISDjSWIsWGYMrs8rRgltvJhPFjNHfu7
rPOZY75kYstCwiDnERDHzl9wPrd4b1AAAAwQDiplMCzSTqpYgATqI7BKS+IYk+8gS3oQt9
+dLu4ymBGevp/oWjml8VEKkth67XVBk81rq1TzG+4/WOVIDHG29r4OKkQUnDV/U7sPh7gL
mEiJ5doi8x806ovl8dggq1TYWBFcwuc016ttHmHp9LUirCSH9LFg5y5sSHDhFqXNKMkT3d
duvDNm1g0dKvAqR1kLybYEO9RQEHk5epeMrMD9fKCm/qHx7JgRdkDWr5tKzI+HVG4jEWNc
VNqlNKANaUjjsAAAAdYW50aWNvbXB1dGVyQHdpbnRlcm11dGUubG9jYWwBAgMEBQY=
-----END OPENSSH PRIVATE KEY-----
```

2) `.github/workflows/issue-bouncer.yml`
```
name: Bounce issues from public repo to private repo
on:
issues:
types: [opened]

jobs:
issue-label-check:
runs-on: ubuntu-latest
steps:
- name: Check trigger label
if: ${{ !contains(github.event.issue.labels.*.name, 'Staff Report') }}
run: |
echo "No trigger label found, aborting workflow (not an error!)"
exit 1
- name: Set up Python3
if: ${{ success() }}
uses: actions/setup-python@v1
with:
python-version: "3.7"
- name: Checkout this repo
if: ${{ success() }}
uses: actions/checkout@v2
- name: Run the python3 script for this action
if: ${{ success() }}
env:
# where the bounced issue came from
SRC_REPO_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SRC_REPO_ISSUE: ${{ github.event.issue.number }}
# where the bounced issue will go
DST_REPO: 'ekoparty2020/ekoparty-internal'
DST_REPO_TOKEN: ${{ secrets.INTERNAL_TOKEN }}
run: |
# external report to internal report
pip3 install pyGithub
pip3 install sh
python3 .github/workflows/issue-bouncer.py
```

Those are the only files we need for this task.
There are two key information here:
1) We have Private SSH Key
2) In the bouncer yaml definition, there is `DST_REPO: 'ekoparty2020/ekoparty-internal'` which is another repository.

Lets take the private key a use it to clone the internal repository.
I've extracted the key to file, added this to `~/.ssh/config` :
```
Host ctfgit
HostName github.com
IdentityFile /home/jsf/CTF/ekoparty/git/docs/privkey
IdentitiesOnly Yes
```
and then cloned the repository with
```
git clone git@ctfgit:ekoparty2020/ekoparty-internal.git
```

After reading the `README` file in the internal repository, we got the flag.
```
cat README.md
# EkoParty 2020 issue tracker

This is the internal ekoparty issue tracker for the 2020 edition.

Please file any conference issues here for staff triage.

Note: this repository uses github actions:

https://docs.github.com/en/actions

Also, congrats for solving Stage 2!

EKO{1ca688c86b0548d8f26675d85dd77d73c573ebb6}
```

Flag: EKO{1ca688c86b0548d8f26675d85dd77d73c573ebb6}