Ce challenge est axé docker. Nous devons récupérer une image docker pour trouver le flag dans une variable d'environnement.
Check de l'image docker
Nous allons donc récupérer l'image :
kali@Tyrell:~/FCSC/2024/Intro/Layer Cake 1/solution$ cat writeup
┌──(root㉿Tyrell)-[/home/kali/FCSC/2024/Intro/Welcome Admin/welcome-admin]
└─# docker pull anssi/fcsc2024-forensics-layer-cake-1
Il est mentionné que le flag a été mis dans une variable d'environnement au moment du build. Regardons donc le contenu du fichier de l'image :
┌──(root㉿Tyrell)-[/var/lib/docker/image/overlay2/imagedb/content/sha256]
└─# cat 0faa62781dd1db0ebb6cd83836bb4ba24f8b58b0cd761ac0cbae426bccc7666f
{"architecture":"amd64","config":{"User":"guest","Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"],"Cmd":["/bin/sh"],"Labels":{"com.docker.compose.project":"fcsc2024-forensics-layer-cake","com.docker.compose.service":"layer1","com.docker.compose.version":"2.23.1"},"ArgsEscaped":true,"OnBuild":null},"created":"2024-01-27T00:30:48.743965523Z","history":[{"created":"2024-01-27T00:30:48.624602109Z","created_by":"/bin/sh -c #(nop) ADD file:37a76ec18f9887751cd8473744917d08b7431fc4085097bb6a09d81b41775473 in / "},{"created":"2024-01-27T00:30:48.743965523Z","created_by":"/bin/sh -c #(nop) CMD [\"/bin/sh\"]","empty_layer":true},{"created":"2024-01-27T00:30:48.743965523Z","created_by":"ARG FIRST_FLAG=FCSC{a1240d90ebeed7c6c422969ee529cc3e1046a3cf337efe51432e49b1a27c6ad2}","comment":"buildkit.dockerfile.v0","empty_layer":true},{"created":"2024-01-27T00:30:48.743965523Z","created_by":"USER guest","comment":"buildkit.dockerfile.v0","empty_layer":true},{"created":"2024-01-27T00:30:48.743965523Z","created_by":"CMD [\"/bin/sh\"]","comment":"buildkit.dockerfile.v0","empty_layer":true}],"os":"linux","rootfs":{"type":"layers","diff_ids":["sha256:d4fc045c9e3a848011de66f34b81f052d4f2c15a17bb196d637e526349601820"]}}
Nous voyons ici la variable d'environnement que l'on cherche avec le flag :
FIRST_FLAG=FCSC{a1240d90ebeed7c6c422969ee529cc3e1046a3cf337efe51432e49b1a27c6ad2}
