BucketWars

Writeup for BucketWars (Web) - CSAW CTF (2024) 💜

Description

let's keep our storage simple -- and remember we don't make mistakes in these parts.

Solution

Visit the website and find five different versions listed at /versions.html.

https://bucketwars.ctf.csaw.io/index_v1.html
https://bucketwars.ctf.csaw.io/index_v2.html
https://bucketwars.ctf.csaw.io/index_v3.html
https://bucketwars.ctf.csaw.io/index_v4.html
https://bucketwars.ctf.csaw.io/index.html

Trying to access an invalid file, e.g. https://bucketwars.ctf.csaw.io/dgdfgdfgfdg.html, returns an error:

404 Not Found

    Code: NoSuchKey
    Message: The specified key does not exist.
    Key: dgdfgdfgfdg.html
    RequestId: J5QS9TW2YM0210EH
    HostId: 8Yt6lsFV9VR0evraLVRz7D0sEwIN4AzW6eQnjEBMAdOGMu80sI/PiVRqAYrfmLEb+E+8DuJihAo=

An Error Occurred While Attempting to Retrieve a Custom Error Document

    Code: NoSuchKey
    Message: The specified key does not exist.
    Key: https://s3.us-east-2.amazonaws.com/bucketwars.ctf.csaw.io/404.jpg

We can try to list the S3 bucket contents, but we have no permissions.

The most recent version (v5) has a hint:

Looking deeper into the stolen bucket only reveals past versions of our own selves one might muse

There's 300 lines of JSON but here's a snippet.

We have five different versions of the index_v1.html file, but the other four pages each have only a single entry.

It's also worth noting that v1 was the only page with no image, only the string: YIKES. Presumably, we need to recover the old versions of index_v1.html 🤔
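The per-key version count described above can be pulled out of the listing mechanically, and the same audit shows a bucket owner which old versions are still stored and whether anyone can read them. This is an added example, not part of the original writeup: it assumes the JSON follows the S3 ListObjectVersions response shape, and the version IDs and bucket policy are constructed.

```python
from collections import defaultdict

# Constructed sample shaped like an S3 ListObjectVersions response (the JSON
# printed by `aws s3api list-object-versions`); the version IDs are made up.
LISTING = {"Versions": [
    {"Key": "index_v1.html", "VersionId": f"EXAMPLE-ID-{n}", "IsLatest": n == 5,
     "LastModified": f"2024-09-0{n}T12:00:00+00:00"} for n in range(1, 6)
] + [
    {"Key": key, "VersionId": "EXAMPLE-ID-0", "IsLatest": True,
     "LastModified": "2024-09-06T12:00:00+00:00"}
    for key in ("index_v2.html", "index_v3.html", "index_v4.html", "index.html")
]}

# Constructed policy (an assumption, not the challenge's real policy):
# plain listing (s3:ListBucket) is not granted, but version access is.
POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*",
     "Action": ["s3:GetObject", "s3:GetObjectVersion"],
     "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "s3:ListBucketVersions", "Resource": "arn:aws:s3:::example-bucket"},
]}

def noncurrent_versions(listing):
    """Map each key to the VersionIds of its noncurrent versions, newest first."""
    found = defaultdict(list)
    versions = listing.get("Versions", [])
    for v in sorted(versions, key=lambda v: v["LastModified"], reverse=True):
        if not v["IsLatest"]:
            found[v["Key"]].append(v["VersionId"])
    return dict(found)

def _as_list(value):
    return value if isinstance(value, list) else [value]

def public_version_grants(policy):
    """Version-related actions that Allow statements grant to any principal.
    Simplified: ignores Condition blocks and wildcard patterns such as s3:Get*."""
    risky = {"s3:getobjectversion", "s3:listbucketversions", "s3:*", "*"}
    granted = set()
    for st in _as_list(policy.get("Statement", [])):
        principal = st.get("Principal")
        if isinstance(principal, dict):
            principal = principal.get("AWS")
        if st.get("Effect") == "Allow" and "*" in _as_list(principal):
            granted |= {a for a in _as_list(st.get("Action", [])) if a.lower() in risky}
    return sorted(granted)

if __name__ == "__main__":
    print(noncurrent_versions(LISTING), public_version_grants(POLICY))
```

Noncurrent versions flagged this way stay stored until they are permanently deleted or expired by a lifecycle rule, so a secret removed from the current object should also be rotated.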

We already have the latest, so we try the other 4. The first two had nothing, but version 4 is interesting.

It contains a password in the HTML: versions_leaks_buckets_oh_my.

Version 5 contains a new URL.

The last bit took me too long because I didn't expect stego in a web challenge 😆 Pair those two pieces of information with steghide, and you get the flag.

Flag: csawctf{cl0d_Bu4K3tz_AR3_F4Ir_g$m3}
