UoftCTF-2024: Miscellaneous

Miscellaneous: Out of the Bucket

The URL https://storage.googleapis.com/out-of-the-bucket/src/index.html is the public URL for an object stored in a Google Cloud Storage bucket. The object is located at the path /out-of-the-bucket/src/index.html within the bucket named out-of-the-bucket.
From the storage URL, we can extract the bucket name: out-of-the-bucket.

The Google Cloud Console provides a user interface for managing various Google Cloud services, including Google Cloud Storage. The format for accessing a specific bucket in the Google Cloud Console is:

https://console.developers.google.com/storage/browser/BUCKET_NAME/

Using the bucket name “out-of-the-bucket” we can determine the Console URL:
https://console.developers.google.com/storage/browser/out-of-the-bucket/

From here, we get,

After clicking on the secret/ folder we see:

After clicking on dont_show:

After clicking on the URL, a download option comes and we can see the flag after viewing it on a browser.

flag: uoftctf{allUsers_is_not_safe}

The other method is to visit the site first, it looks something like this:

If we check the source, we get:

After checking the directories we can find the flag in /secret/dont_show

Feel free to connect with me on https://www.linkedin.com/in/grishma-acharya-9a5279224/