Room: Advent of Cyber 2023 Day 20

Similar to Jenkins on day 12, I touch on Gitlab for the first time. VCS’s like Github are familiar to me. But I haven’t yet worked in a big team that used Gitlab.

Learning about Gitlab and CI/CD, we find that there has been some poison pipeline execution in the automation of Antarticraft.

Task 1: What is the handle of the developer responsible for the merge changes?

Looking in the merge requests overview we can find the handle of the developer.

Task 2: What port is the defaced calendar site server running on?

Given the port number in de docker command, we can find the defaced website. And it is also the answer to Task 2.

And what a treat this website is.

Task 3: What server is the malicious server running on?

I didn’t blur this answer out, so it’s right there in the write up. TryHackMe mentioned this popular server software aswell!

Task 4: What message did the Frostlings leave on the defaced site?

Again, I didn’t blur this answer out, so it’s right there in the write up. A real treat.

Task 5: What is the commit ID of the original code for the Advent Calendar site?

Checking all commits we can see that on the sixth of december we have a commit by Delf Lead. An account we trust.

In this specific commit we see that almost all of the original code was added.

Which means this commit’s ID will be the answer to Task 5.

Happy Hacking!

💡 If you want to stay updated with what I’m working on. Follow me and Subscribe! 🔔

Medium — LinkedIn — Twitter — Substack