cider-security-research / cicd-goat

A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.
Apache License 2.0
1.9k stars 309 forks

Why FLAG6 in Twiddledum? #77

Closed huornlmj closed 5 months ago

huornlmj commented 5 months ago

https://github.com/cider-security-research/cicd-goat/blob/00edb3efe0397c7ca3185b6933f0573d43d50b53/solutions/twiddledum.md?plain=1#L15

FLAG6 is selected as the flag with no obvious rationale. Why FLAG6?

bmdyy commented 5 months ago

[screenshot: 2024-03-28 18_26_15-Window]

huornlmj commented 5 months ago

(-‸ლ) of course.

TheCipherCat commented 1 month ago

There's another way you could've figured it out without looking at the challenge details. I'm not a developer or anything, but I've seen how other people do it. When you edit the index.js file, you can add the following line to find the environment variables:

```js
console.log(process.env);
```

Add the new release and rebuild manually from Jenkins. It will print the environment variables, one of which is FLAG6: ****, which can lead you to the next step in obtaining FLAG6. =)
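The trick in the comment above, generalized a little, as an added example that is not code from cicd-goat or from anyone in this thread. It models both sides of that leak: a build step that, instead of dumping all of `process.env`, picks out the variables whose names look like secrets (what an attacker who can edit `index.js` gets for free once the job rebuilds), and a check a defender can run over a finished build's console output to see whether any secret value the controller knows about was printed verbatim. The name pattern, the sample environment, the sample console log and the flag value are all constructed for the example.

```javascript
// Added example, not part of cicd-goat. Everything below is constructed data.

// Names that usually hold something sensitive (assumed pattern, not exhaustive).
const SECRET_NAME_PATTERN = /(FLAG|TOKEN|SECRET|PASS(WORD)?|API_?KEY|CRED)/i;

// Attacker's view: what a `console.log(process.env)` line added to index.js
// would reveal, narrowed to the variables worth looking at.
function findSecretLikeEnv(env) {
  return Object.keys(env)
    .filter((name) => SECRET_NAME_PATTERN.test(name))
    .sort()
    .map((name) => ({ name, value: env[name] }));
}

// Defender's view: given the secret values the CI server knows it exposes to
// jobs, report which of them appear raw in a build's console output.
// Short values are skipped to avoid false positives on common substrings.
function findLeakedSecrets(consoleLog, knownSecrets) {
  const leaked = [];
  for (const [name, value] of Object.entries(knownSecrets)) {
    if (value.length >= 8 && consoleLog.includes(value)) {
      leaked.push(name);
    }
  }
  return leaked.sort();
}

// Constructed environment shaped like a Jenkins agent's process.env.
const SAMPLE_ENV = {
  PATH: '/usr/local/bin:/usr/bin',
  HOME: '/var/jenkins_home',
  JOB_NAME: 'twiddledum',
  BUILD_NUMBER: '42',
  NODE_ENV: 'production',
  FLAG6: 'example-flag-value-constructed',
  NPM_TOKEN: 'npm_example0123456789',
};

// Constructed console output of a rebuilt job whose index.js prints process.env.
const SAMPLE_CONSOLE_LOG = [
  '[Pipeline] sh',
  '+ node index.js',
  '{',
  "  PATH: '/usr/local/bin:/usr/bin',",
  "  JOB_NAME: 'twiddledum',",
  "  FLAG6: 'example-flag-value-constructed',",
  "  NPM_TOKEN: 'npm_example0123456789'",
  '}',
  'Finished: SUCCESS',
].join('\n');

// Secrets the controller is known to inject into this job (constructed).
const KNOWN_SECRETS = { FLAG6: SAMPLE_ENV.FLAG6, NPM_TOKEN: SAMPLE_ENV.NPM_TOKEN };

console.log('secret-looking variables:', findSecretLikeEnv(SAMPLE_ENV));
console.log('leaked into console log:', findLeakedSecrets(SAMPLE_CONSOLE_LOG, KNOWN_SECRETS));
```

The caveat a practitioner should keep in mind: Jenkins masks values bound through the Credentials Binding plugin in the console log, but a variable injected as a plain environment variable (for example from the controller's global environment settings) is just a string in the process environment and prints as-is, which is exactly why the dump works. The lasting fix is not to hand secrets to every job as global environment variables, and to treat any job that builds code a contributor can edit as untrusted.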