This guide explains how to configure Challenge 62, which demonstrates privilege escalation via an MCP (Model Context Protocol) server using a Google Service Account to access restricted Google Drive documents.
Challenge 62 shows how an MCP server configured with an overly-privileged Google Service Account allows callers to read Google Drive documents they are not directly authorized to access. The service account acts as a privilege escalation proxy.
- The challenge answer is parsed from document content between
<secret>and</secret>. - The parsed answer is cached once in
Challenge62and reused for answer validation. Challenge62McpControllercaches Drive documents to reduce repeated API calls.- Cache policy: always retain the configured default document (
GOOGLE_DRIVE_DOCUMENT_ID) plus up to 20 additional document ids.
- A Google Cloud project
- Owner or Editor role on the Google Cloud project (to create service accounts)
- A Google Drive document containing a secret
If you don't have a Google Cloud project:
gcloud projects create YOUR_PROJECT_ID --name="WrongSecrets Challenge 62"
gcloud config set project YOUR_PROJECT_IDgcloud services enable drive.googleapis.comgcloud iam service-accounts create wrongsecrets-challenge62 \
--display-name="WrongSecrets Challenge 62 Drive Reader" \
--description="Service account for WrongSecrets Challenge 62 - demonstrates MCP privilege escalation"gcloud iam service-accounts keys create challenge62-key.json \
--iam-account=wrongsecrets-challenge62@YOUR_PROJECT_ID.iam.gserviceaccount.com- Do not commit key files to version control
- Delete the key file after encoding it
- Rotate keys regularly
- Go to Google Drive and create a new Google Doc
- Add your challenge secret as the document content (e.g.,
my_wrongsecrets_challenge62_answer)
- Recommended format:
<secret>my_wrongsecrets_challenge62_answer</secret>
- Note the document ID from the URL:
- URL format:
https://docs.google.com/document/d/DOCUMENT_ID/edit - Copy the
DOCUMENT_IDpart
- URL format:
Share the Google Drive document with the service account's email address:
- Open the document in Google Drive
- Click Share
- Add the service account email:
wrongsecrets-challenge62@YOUR_PROJECT_ID.iam.gserviceaccount.com - Set the permission to Viewer
- Click Send
Alternatively, use the Drive API via the CLI:
# Get the document ID from the URL
DOCUMENT_ID="your_document_id_here"
SA_EMAIL="wrongsecrets-challenge62@YOUR_PROJECT_ID.iam.gserviceaccount.com"
# Share using the Drive API (requires OAuth2 token)
curl -X POST "https://www.googleapis.com/drive/v3/files/${DOCUMENT_ID}/permissions" \
-H "Authorization: Bearer $(gcloud auth print-access-token)" \
-H "Content-Type: application/json" \
-d "{\"role\": \"reader\", \"type\": \"user\", \"emailAddress\": \"${SA_EMAIL}\"}"Base64-encode the service account key file:
# On Linux/macOS:
SERVICE_ACCOUNT_KEY_B64=$(base64 -w 0 challenge62-key.json)
# On macOS (if the above doesn't work):
SERVICE_ACCOUNT_KEY_B64=$(base64 -i challenge62-key.json | tr -d '\n')
echo "Your base64-encoded key (use this as GOOGLE_SERVICE_ACCOUNT_KEY):"
echo "${SERVICE_ACCOUNT_KEY_B64}"Set the following environment variables when running WrongSecrets. These must be provided at container start time — do not bake real credentials into the image via --build-arg, as that embeds them in the image layer history.
| Variable | Description | Default (placeholder) | Example override |
|---|---|---|---|
GOOGLE_SERVICE_ACCOUNT_KEY |
Base64-encoded service account JSON key | if_you_see_this_configure_the_google_service_account_properly |
eyJ0eXBlIjoic2VydmljZV9hY2... |
GOOGLE_DRIVE_DOCUMENT_ID |
Google Drive document ID | 1PlZkwEd7GouyY4cdOxBuczm6XumQeuZN31LR2BXRgPs |
your document id |
WRONGSECRETS_MCP_GOOGLEDRIVE_SECRET |
(optional) Static override — skips live Drive fetch | (none — live fetch used) | my_wrongsecrets_challenge62_answer |
Why runtime-only? The
DockerfileandDockerfile.webship harmless placeholder defaults viaENV. Real credentials should only be injected atdocker runtime so they never appear in image layers or build logs.
export SERVICE_ACCOUNT_KEY_B64=$(base64 -i challenge62-key.json | tr -d '\n')
export DOCUMENT_ID="your_document_id_here"
docker run -p 8080:8080 -p 8090:8090 \
-e GOOGLE_SERVICE_ACCOUNT_KEY="${SERVICE_ACCOUNT_KEY_B64}" \
-e GOOGLE_DRIVE_DOCUMENT_ID="${DOCUMENT_ID}" \
ghcr.io/owasp/wrongsecrets/wrongsecrets:latest-no-vaultIf the variables are already exported in your shell, pass them through without a value — Docker inherits from the host:
export GOOGLE_SERVICE_ACCOUNT_KEY="${SERVICE_ACCOUNT_KEY_B64}"
export GOOGLE_DRIVE_DOCUMENT_ID="your_document_id_here"
docker run -p 8080:8080 -p 8090:8090 \
-e GOOGLE_SERVICE_ACCOUNT_KEY \
-e GOOGLE_DRIVE_DOCUMENT_ID \
ghcr.io/owasp/wrongsecrets/wrongsecrets:latest-no-vaultCreate a .env file (add it to .gitignore):
GOOGLE_SERVICE_ACCOUNT_KEY=<base64_encoded_key>
GOOGLE_DRIVE_DOCUMENT_ID=<document_id>Then run:
docker run -p 8080:8080 -p 8090:8090 \
--env-file .env \
ghcr.io/owasp/wrongsecrets/wrongsecrets:latest-no-vaultSet environment variables in your shell before running:
export GOOGLE_SERVICE_ACCOUNT_KEY="${SERVICE_ACCOUNT_KEY_B64}"
export GOOGLE_DRIVE_DOCUMENT_ID="your_document_id"
./mvnw spring-boot:runOr add them to a local-only properties file that is not committed to version control:
# application-local.properties (keep out of git)
GOOGLE_SERVICE_ACCOUNT_KEY=<base64_encoded_key>
GOOGLE_DRIVE_DOCUMENT_ID=<document_id>After encoding the key, delete the local key file:
rm challenge62-key.jsonThe default document ID configured in the application is the OWASP WrongSecrets Google Drive document:
To use this document, your service account must have been granted read access to it by the OWASP WrongSecrets maintainers. For your own deployment, we recommend creating your own document as described above.
-
This is intentionally insecure for educational purposes: In a real system, you should always authenticate and authorize MCP callers before granting access to external resources.
-
Least Privilege: The service account used in this challenge demonstrates what happens when you violate least privilege. In production, ensure service accounts only have the minimum permissions necessary.
-
Never use production credentials: Do not use service accounts that have access to production data for this challenge.
-
Key rotation: Regularly rotate service account keys to limit the window of exposure if a key is compromised.
After configuration, verify the challenge works by calling the MCP endpoint:
curl -s -X POST http://localhost:8080/mcp62 \
-H 'Content-Type: application/json' \
-d '{"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"read_google_drive_document","arguments":{}}}'The response should contain the document content with your secret.
- Main challenge logic:
src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge62.java - MCP controller and cache logic:
src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge62McpController.java - Challenge tests:
src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge62Test.java - MCP controller tests:
src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge62McpControllerTest.java