CTFtime.org / DCTF 2021 / Leak Spin / Writeup

Rating:

# Leak Spin and DevOps vs SecOps

These two challenges went hand in hand.

There was no info provided on any of them, other than two short descriptions that I can no longer access since I am writing this after the ctf ended.

However, I found out about it while investigating challenge Injection:

![Pasted image 20210516215412](https://user-images.githubusercontent.com/70921512/118423676-ee5a1800-b69b-11eb-8772-be80f3fab106.png)

Huh.. a github page...

![Pasted image 20210516215431](https://user-images.githubusercontent.com/70921512/118423689-f3b76280-b69b-11eb-9b49-c6607a7b037e.png)

And that was it for leak spin:

![Pasted image 20210516215449](https://user-images.githubusercontent.com/70921512/118423704-f9ad4380-b69b-11eb-81f2-ddab0ff8178a.png)

# DevOps vs SecOps

This one was also in their github page:

![Pasted image 20210516215532](https://user-images.githubusercontent.com/70921512/118423717-ffa32480-b69b-11eb-8b5f-e093644bde82.png)

However it was more concealed...

Basically, you had to go to the devops branch:

![Pasted image 20210516215610](https://user-images.githubusercontent.com/70921512/118423726-05006f00-b69c-11eb-8cce-392bcf38370b.png)

Then actions:

![Pasted image 20210516215632](https://user-images.githubusercontent.com/70921512/118423734-0af65000-b69c-11eb-9432-ba4deb29e75a.png)

And navigate through the `Create ctfd.yml` and get the flag:

![Pasted image 20210516215753](https://user-images.githubusercontent.com/70921512/118423743-10ec3100-b69c-11eb-85c1-fd5762fa03eb.png)

Original writeup (https://github.com/xxonorg/dCTF2021_Writeup/blob/main/Leak%20Spin%20%26%26%20Devops%20vs%20Secops.md).