## Walkthrough
This challenge gives us a set of credentials and two links. Since we're told the credentials are for git, let's open that page and log in with them.
### Logging In
Heading to `git.challenge.nahamcon.com:MY_PORT_HERE` gives me this page:

After we use the given credentials, we're asked to authorize an app. Clicking authorize lets us proceed.

After doing that we're sent to a second login page. We can enter anything here:

That redirects us to `drone.challenge.nahamcon.com`. Let's head back to `git.challenge.nahamcon.com` and sign in to view the git repos.
### Fatal Flaw
We see there's a git repo at `http://git.challenge.nahamcon.com:30417/JustHacking/poisoned`. Additionally, based on this commit, we can see how the CI/CD pipeline works and its fatal flaw.

Heading back to drone, we can see the flag is being echoed here, but due to drone's security settings it isn't being displayed.

Before we make any changes, let's make an ngrok tunnel using the command `ngrok http 80` and save the URL for later.

### Forking Repo
Let's fork this repo and make some changes to get the flag.

*New commit in our forked repo*
All that's left is to make a pull request and see if it sends the flag over. Let's go ahead and do that.


*Drone executing our .drone.yml*
### Flag

Success! It worked! The critical flaw in this app was allowing the CI/CD pipeline access to a secret environment variable!
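
A maintainer-side check for the flaw described above, as an added example that is not part of the original writeup or of Drone itself: it holds a pull request build for review when a fork changes `.drone.yml` and the changed pipeline reads secrets through `from_secret`. The two pipeline files are constructed samples, and the function names and the idea of calling this as a pre-build gate are assumptions.

```python
import difflib
import re

# Constructed sample: the pipeline file on the protected branch (not the challenge's real file).
BASE_CONFIG = """\
kind: pipeline
type: docker
name: default
steps:
- name: test
  image: alpine
  environment:
    FLAG:
      from_secret: flag
  commands:
  - echo $FLAG
"""

# Constructed sample: the same file as changed by a pull request from a fork.
PR_CONFIG = BASE_CONFIG.replace("  - echo $FLAG\n", "  - ./run-tests.sh\n")

SECRET_REF = re.compile(r"^\s*from_secret:\s*(\S+)\s*$", re.MULTILINE)


def secrets_referenced(config_text):
    """Return the sorted secret names a Drone pipeline file pulls in via from_secret."""
    return sorted(set(SECRET_REF.findall(config_text)))


def added_lines(base_text, pr_text):
    """Return lines present in the PR version of the file but not in the base version."""
    diff = difflib.ndiff(base_text.splitlines(), pr_text.splitlines())
    return [line[2:].strip() for line in diff if line.startswith("+ ")]


def review_pull_request(from_fork, changed_files, base_text, pr_text, ci_file=".drone.yml"):
    """Decide whether a PR build must wait for a maintainer before it may run with secrets."""
    if ci_file not in changed_files:
        return {"hold": False, "secrets": [], "added": []}
    secrets = secrets_referenced(pr_text)
    added = added_lines(base_text, pr_text)
    # Hold when untrusted code rewrites the pipeline and that pipeline can read secrets.
    return {"hold": bool(from_fork and secrets and added), "secrets": secrets, "added": added}


if __name__ == "__main__":
    print(review_pull_request(True, [".drone.yml", "README.md"], BASE_CONFIG, PR_CONFIG))
```

The `added` list is what a reviewer should read before approving the build, since those are the commands that would run with the listed secrets in their environment.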