http://pen-testing.sans.org/holiday-challenge/2012
I worked through this challenge over the course of a few weeks and then went back to write up my solutions weeks later after the holidays. Luckily, most of my notes and details were in my .bash_history, or else I'd have no idea how I solved many of these.
Questions:
1. Where did you find the remainder of Snow Miser's Zone 1 URL?
It was pretty easy to see the reflection of the URL in this image from
twitter: https://twitter.com/sn0w_
2. What is the key you used with steghide to extract Snow Miser's Zone
2 URL? Where did you find the key?
The key (IceIceBaby!) was in the User Comment metadata for off.jpg.
This key was used with steghide to extract the hidden url data.
ch@bluestem:~/snow$ steghide extract -sf off.jpg
Enter passphrase: IceIceBaby!
the file "tmpfile.txt" does already exist. overwrite ? (y/n) y
wrote extracted data to "tmpfile.txt".
ch@bluestem:~/snow$ cat tmpfile.txt
zone-2-6D46A633-25D7-42C8-AF94-8E786142A3E3
3. On Snow Miser's Zone 3 page, why is using the same key multiple
times a bad idea?
Using the same key multiple times increases the chances that it will be cached. This was found in the Android browser cache file data/com.android.browser/cache/webviewCacheChromium/data_2 from the
Android image linked here:
https://twitter.com/h34t_m1s3r/status/276828387853611008
4. What was the coding error in Zone 4 of Heat Miser's site that
allowed you to find the URL for Zone 5?
The PHP redirect did not exit the script after sending the Location header, so the rest of the page was still generated and sent as the body of the redirect response. The data was visible in a proxy or any tool that didn't follow the redirect.
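The pattern behind this, as an added illustration (this is not the challenge site's own code, which is not reproduced here; the file name, variable names and URL are assumed): a PHP page that sends a Location header but keeps executing, so the protected markup is still emitted in the body of the 302 response, next to the fixed version that stops the script right after the redirect.

```php
<?php
// Added example, not from the challenge. $zone5Url and the /login.php
// target are assumed placeholders.
$zone5Url = 'https://example.test/zone5/assumed-path/';

// Vulnerable: header() only queues the response header; PHP keeps running,
// so everything echoed below is sent as the body of the 302 response.
function vulnerableRedirect(bool $authorized, string $target): void
{
    if (!$authorized) {
        header('Location: /login.php', true, 302);
        // missing exit/die here: execution falls through to the page body
    }
    echo "<!-- Zone 5 is at {$target} -->\n";
    echo "<h1>Heat Miser Control System - Zone 4</h1>\n";
}

// Hardened: terminate immediately after sending the redirect. Browsers never
// render the body of a 302 anyway, so nothing is lost by sending none.
function hardenedRedirect(bool $authorized, string $target): void
{
    if (!$authorized) {
        header('Location: /login.php', true, 302);
        exit; // nothing below runs for unauthorized callers
    }
    echo "<!-- Zone 5 is at {$target} -->\n";
    echo "<h1>Heat Miser Control System - Zone 4</h1>\n";
}

// ?mode=hardened selects the fixed variant; default shows the leaky one.
// The caller is treated as unauthorized in both cases.
$mode = $_GET['mode'] ?? 'vulnerable';
if ($mode === 'hardened') {
    hardenedRedirect(false, $zone5Url);
} else {
    vulnerableRedirect(false, $zone5Url);
}
```

Request the page with a client that does not follow redirects, for example curl -i without -L, or read the raw response in an intercepting proxy: the vulnerable variant returns the HTML comment containing the Zone 5 URL in the 302 body, while the hardened variant returns an empty body. Note that header() is a no-op under the PHP CLI, so this has to be served through a web server to see the difference.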
5. How did you manipulate the cookie to get to Zone 5 of Heat Miser's
Control System?
The cookie was the md5 sum of "1001", which was hinted at here:
https://twitter.com/sn0w_m1s3r/status/276871170085773312. I tried replacing the cookie a
bunch of times with a lot of md5 hashes of different values. It turned out that the md5 sum of the number "1" was the value it wanted.
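Why that worked, as an added example rather than the challenge's own code: a cookie whose value is a plain md5 of a guessable identifier is a forgeable access token, because anyone can compute md5 of "1", "1001" or any other candidate and send it. The cookie name, the user ids and the server secret below are assumptions; the page does not show the server-side code.

```php
<?php
// Added example: an unkeyed hash of a predictable id as an access cookie
// (weak) beside an HMAC-bound cookie (hardened). Names are assumed.

// Weak: the server trusts whatever the client sends as long as it matches
// md5() of the privileged id. The client can compute md5('1') itself.
function weakIsAdmin(array $cookies): bool
{
    return isset($cookies['UID']) && $cookies['UID'] === md5('1');
}

// What the attacker does: enumerate md5 of candidate ids and try each value
// in the cookie until the server grants access.
function candidateCookies(int $from, int $to): array
{
    $out = [];
    for ($id = $from; $id <= $to; $id++) {
        $out[(string) $id] = md5((string) $id);
    }
    return $out;
}

// Hardened: bind the id to a server-side secret with HMAC so a client cannot
// mint a valid cookie for an id it was never issued, and compare in constant
// time. Keeping the privilege level in a server-side session ($_SESSION)
// instead of in the cookie at all is the simpler fix.
const SERVER_SECRET = 'assumed-random-secret-loaded-from-config';

function issueCookie(string $userId): string
{
    return $userId . '.' . hash_hmac('sha256', $userId, SERVER_SECRET);
}

function hardenedUserId(string $cookie): ?string
{
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$userId, $tag] = $parts;
    $expected = hash_hmac('sha256', $userId, SERVER_SECRET);
    return hash_equals($expected, $tag) ? $userId : null;
}

// Demonstration: the forged cookie passes the weak check; the same trick
// fails against the HMAC check because the attacker lacks SERVER_SECRET.
$forged = ['UID' => md5('1')];
var_dump(weakIsAdmin($forged));                        // forged cookie accepted
var_dump(hardenedUserId('1.' . md5('1')));             // unkeyed tag rejected
var_dump(hardenedUserId(issueCookie('1001')));         // issued cookie maps back to its id
var_dump(array_key_exists('1', candidateCookies(0, 5))); // md5('1') is in the first handful of guesses
```

The candidateCookies() loop is the whole "attack": with a space this small there is nothing to brute-force, which is the point of never letting the client supply a privilege indicator the server has not cryptographically bound or stored itself.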
6. Please briefly describe the process, steps, and tools you used to
conquer each zone, including all of the flags hidden in the comments
of each zone page.
Blog posts to follow