Monday, January 7, 2013

SANS Holiday Challenge 2012 Heat Miser Levels: 

http://pen-testing.sans.org/holiday-challenge/2012


Heat Zone 0:
-- The flag for this level is 1732bcff12e6550ff9ea44d594001418 --

Heat Zone 1:
-- The flag for this level is d8c94233daef256c42bb95bd61382e02 --
 View http://heatmiser.counterhack.com/robots.txt
 Find /zone-1-E919DBF1-E4FA-4141-97C4-3F38693D2161

Heat Zone 2:
-- The flag for this level is ef963731de7e886226fe4a6a6c2971f1 --
 Look in the HTML source of zone 1.
 Find /zone-2-761EBBCF-099F-4DB0-B63F-9ADC61825D49

Heat Zone 3:
-- The flag for this level is 0d524fb8d8f9f88eb9da5b286661a824 --
 Tweet image: https://twitter.com/h34t_m1s3r/status/276824127359295488/photo/1
 and cold tweet clue: https://twitter.com/sn0w_m1s3r/status/276824285878812673
 Adjust the image with GIMP and find:
 heatmiser.counterhack.com/zone-3-83FEE8BE-B1C6-4395-A56A-BF933FC85254/

Heat Zone 4:
-- The flag for this level is e3ae414e6d428c3b0c7cff03783e305f --
 When clicking on the link through the Burp proxy, you will see that the full page loads before the redirect, due to the missing exit 0;.
 There is a hint in the meme tweet.
 You can view page 4 at this point, which has a link to page 5.

Heat Zone 5:
-- The flag for this level is f478c549e37fa33467241d847f862e6f --
 Identified cookie as hash of 1001 along with clue (https://twitter.com/sn0w_m1s3r/status/276871170085773312). Tried a ton of things trying to figure out what it was supposed to be.
 Finally brute forced it with the bash script below to find the answer was "1".

 z5.sh:
 #!/bin/bash
 # Send the MD5 hex digest of the first argument as the UID cookie.
 X=$(echo -n "$1" | md5sum | cut -c1-32)
 curl -s -L -b "UID=$X" http://heatmiser.counterhack.com/zone-5-15614E3A-CEA7-4A28-A85A-D688CC418287
 END z5.sh


 ch@bluestem:~$ for i in {0..1001}; do echo "$i"; ./z5.sh "$i"; done > file.out

 Examined file.out logs for the one that did not have "access denied"
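
The Zone 5 cookie is an unkeyed MD5 of a small numeric ID, so any client can compute a valid value for any ID. As an added example (not part of the original post or the challenge's code), the sketch below puts that scheme beside an HMAC-signed cookie that only the server can mint. SECRET_KEY, the function names and the "uid.tag" cookie format are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed key for this example; a real deployment would load a random
# secret from server-side configuration.
SECRET_KEY = b"constructed-example-key-not-from-the-challenge"


def weak_cookie(uid: int) -> str:
    """Scheme observed in the write-up: cookie = MD5 of the decimal ID."""
    return hashlib.md5(str(uid).encode()).hexdigest()


def weak_lookup(cookie: str, max_uid: int = 1001):
    """Weak server check: accepts any value a client can compute itself."""
    for uid in range(max_uid + 1):
        if weak_cookie(uid) == cookie:
            return uid
    return None


def issue_cookie(uid: int) -> str:
    """Hardened form: the ID plus an HMAC-SHA256 tag keyed by the server."""
    tag = hmac.new(SECRET_KEY, str(uid).encode(), hashlib.sha256).hexdigest()
    return f"{uid}.{tag}"


def verify_cookie(cookie: str):
    """Return the uid if the tag matches, otherwise None."""
    uid_text, sep, tag = cookie.partition(".")
    if not sep or not (uid_text.isascii() and uid_text.isdigit()):
        return None
    expected = hmac.new(SECRET_KEY, uid_text.encode(), hashlib.sha256).hexdigest()
    # Compare as bytes in constant time; str inputs must be ASCII-only.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return None
    return int(uid_text)


if __name__ == "__main__":
    # A client-computed MD5 of "1" is accepted by the weak check...
    print("weak scheme accepts uid:", weak_lookup(weak_cookie(1)))
    # ...but is rejected by the signed scheme, as is a swapped ID with a reused tag.
    print("signed scheme, bare MD5:", verify_cookie(weak_cookie(1)))
    reused_tag = issue_cookie(1001).split(".")[1]
    print("signed scheme, swapped ID:", verify_cookie("1." + reused_tag))
    print("signed scheme, genuine:", verify_cookie(issue_cookie(1001)))
```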
