KrkAnalytica challenge (CTF)

Before CONFidence 2018 we’ve prepared an online cloud-hacking contest. The contest is over but you can still play and learn.

Paweł Rzepa 2018.06.03

Before CONFidence 2018 we’ve prepared an online cloud-hacking contest. The contest is over but you can still play and learn.

Read through the story to learn more about @KrkAnalytica scandal!

NeverLeaks is in danger and your help is needed! An anonymous hacker reported that Krakow Analytica company had prepared some actions to sabotage a befriended producer of aircraft tanks – NeverLeaks. The sabotage campaign can be stopped only if you discover the secret codes, give an admin access to their systems. An anonymous whistleblower found out that Krakow Analytica stores the secret codes on one of their AWS S3 buckets named “krkanalytica-confidential”. However, only their administrator Mike Schwarzberg has access to it. Please help us get it!

If you will be able to solve the puzzle please send “secret_codes.txt” file to krkanalytica@securing.pl.

Hints needed? Check out contest archive at Twitter @KrkAnalytica or if you get stuck – read our writeup with walkthrough.

Thank you for a very positive response to our challenge! Below you can find other publications about it.

One of our participant’s review: https://ctfs.ghost.io/krkanalytica-solution/

CTF review in the 4/2018 (71) release of Programista magazine [PL]: https://programistamag.pl

Eager to learn more? Please find our Seven-Step Guide to SecuRing your AWS Kingdom

Paweł Rzepa
Paweł Rzepa Senior IT Security Consultant