To get the solution for this one you need to run a very special Docker container.
You don't get to build it, though. Instead, your task is to set up your own docker registry, configure access so we can push to it, receive the image and run it with the proper environment set. That's it!
The image is based on alpine, so it's rather tiny - you won't need much to receive it.
After you grab the problem JSON with all the credentials and other goodness inside, you'll have to configure and run the registry. When it's up and running, you'll have to trigger the push by sending a POST request to /_/push/<trigger_token> (see the "pulling the trigger" section below). The request is blocking, so it can take up to a minute depending on the upload speed. Hang in there: when it's finished you'll get to see the raw logs of the docker push from our side to help you debug.
If all's well, pull the image from your registry, set the IGNITION_KEY environment variable to the right value, run the container and grab your reward. But beware! Apart from a few sanity checks, the app won't reject an invalid key. Instead it'll just serve you a random string as if nothing happened. It's mean like that, sorry.
By the way, the image may differ from push to push, sometimes it may be the same... stay on the safe side and assume it'll always be different and save yourself some frustration.
For the fun of it, the server will push two images. One of them will reveal the solution, the other one's a dud.
Problem JSON structure is simple:
credentials: how we will authenticate to your registry before the push
    user: the username we will be using
    password: the password we will be using
ignition_key: for the container to spit out the solution, you'll need to set an environment variable IGNITION_KEY to this value
trigger_token: pass this to the
To trigger the push, POST a JSON to /_/push/$trigger_token with a single key inside:
registry_host: the host we should connect to
Leave off the scheme. Proper values are registry.fbi.gov and so on. Keep in mind that since TLS is required, an IP address won't do.
Once the request is received, we'll start a push. The request blocks until the push has completed, and returns the logs gathered during the push.
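The steps above as a shell sketch, added here as an example and not part of the challenge's own material. It assumes a CHALLENGE_BASE variable holding the challenge server URL, a certificate for your hostname in ./certs, and local htpasswd, curl and jq; it accepts only a bare DNS name as registry_host, since the page does not say whether a :port suffix is allowed.

```shell
#!/bin/sh
# Added sketch. Assumed (not on the page): CHALLENGE_BASE, ./certs/*.pem, jq, htpasswd.
set -eu

# registry_host must be a bare DNS name: no scheme, no path, no IP literal.
valid_registry_host() {
  case "$1" in
    ''|*[!A-Za-z0-9.-]*) return 1 ;;  # empty, or scheme/path/port/IPv6 characters
    .*|*.|*..*) return 1 ;;           # malformed name
    *[!0-9.]*) return 0 ;;            # has a letter or hyphen: a DNS name
    *) return 1 ;;                    # digits and dots only: IPv4 literal
  esac
}

# JSON body for the trigger request (host is already restricted to a safe charset).
trigger_body() { printf '{"registry_host":"%s"}' "$1"; }

main() {
  host=$1 user=$2 pass=$3 trigger_token=$4   # values from the problem JSON
  valid_registry_host "$host" || { echo "bad registry_host: $host" >&2; exit 1; }
  mkdir -p auth
  # The registry's htpasswd backend only accepts bcrypt entries (-B).
  printf '%s\n' "$pass" | htpasswd -Bni "$user" > auth/htpasswd
  docker run -d --name registry -p 443:443 \
    -v "$PWD/auth:/auth:ro" -v "$PWD/certs:/certs:ro" \
    -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
    -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/fullchain.pem \
    -e REGISTRY_HTTP_TLS_KEY=/certs/privkey.pem \
    -e REGISTRY_AUTH=htpasswd \
    -e REGISTRY_AUTH_HTPASSWD_REALM=registry \
    -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
    registry:2
  # Blocking request; the response body is the raw docker push log.
  curl -sS -X POST -H 'Content-Type: application/json' \
    -d "$(trigger_body "$host")" \
    "${CHALLENGE_BASE:?set to the challenge server URL}/_/push/$trigger_token"
  # List what arrived: two images are pushed and only one is the real one.
  for repo in $(curl -sS -u "$user:$pass" "https://$host/v2/_catalog" | jq -r '.repositories[]'); do
    for tag in $(curl -sS -u "$user:$pass" "https://$host/v2/$repo/tags/list" | jq -r '.tags[]'); do
      echo "$host/$repo:$tag"
    done
  done
}

if [ "$#" -gt 0 ]; then main "$@"; fi
```

To run a listed image, export IGNITION_KEY in your shell and use `docker run --rm -e IGNITION_KEY <image>`, which passes the variable through without putting the key in the command line.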
Your solution should be a JSON with a single key inside:
secret: the secret key returned by the container
Because setting up a docker registry is pretty much fun, and surprisingly you can learn quite a lot in the process. Unless you just close your eyes and hope for the best.