Fun with Flags - SANS Holiday Hack 2017 Challenge 1

Read Time: 10 Minutes

Over the course of a year I participate in a number of Cyber Security Capture the Flag (CTF) events.  So in this post, and others titled "Fun with Flags", I plan to capture how I solved the different challenges that were presented.  To keep the blog light I will narrate only one challenge at a time.  It is important to blog about this topic since CTFs allow DFIR professionals to experience new challenges.  These challenges require the skills they have, but the content might not match their day-to-day on-the-job challenges.


Figure 1: Fun with Flags Staarfaenger

At the end of each year (since 2010?), SANS hosts its Holiday Hack Challenge.  These challenges so far have had a Christmas theme wrapped around them.  During the 2017 Holiday Hack Challenge nine major questions were posed to participants.  I will scope the content of this post to the console challenges and hacking.  The content derives from the following question, one of the nine:

"1) Visit the North Pole and Beyond at the Winter Wonder Landing Level to collect the first page of The Great Book using a giant snowball. What is the title of that page?"


For question "1)...", if we navigate to the mini game titled "Winter Wonder Landing", there is a small icon that looks like a console, which participants have to left-click to access, as seen in Figure 2: Finding the First Terminal.


Figure 2: Finding the First Terminal

After a left click you are greeted with a terminal and a banner message containing the challenge.  (See Figure 3: Challenge 1 Terminal)


Figure 3: Challenge 1 Terminal

A lot of these contests are a measure of your reading comprehension skills.  For your reading pleasure I have underlined the key words.  The reference to "Find" I immediately spotted as a reference to a command, and this combined with the "elftalkd binary" reference gave me a target.  However, when executing find you are greeted with an error indicating that the find command is not a part of your path: (See Figure 4: No find for you)


Figure 4: No find for you

You can see in Figure 4 that the environment variable $PATH is pointing to some specific directories.  On manual inspection of the binaries on the system, find can be found in its standard location: (See Figure 5: Hiding find in plain sight)



Figure 5: Hiding find in plain sight

As you can see in Figure 5, the find binary is very much available, and due to the $PATH definition we will need to reference it by its full path and filename.  The result of doing this with our target included can be seen in Figure 6: A little Closer.


Figure 6: A little Closer

With our target file and its directory found, we simply execute it to complete the challenge: (See Figure 7: We did it)



Figure 7: We did it
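The steps above, reproduced in a throwaway sandbox as an added example (not taken from the original post or from the challenge terminal). The sandbox layout, the stand-in elftalkd script, the emptied `PATH` value and the list of directories checked are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example: a tool missing from $PATH can still be run by its absolute path.

# Check standard binary directories directly instead of relying on $PATH lookup.
locate_tool() {
    tool=$1
    for dir in /usr/bin /bin /usr/local/bin /usr/sbin /sbin; do
        if [ -x "$dir/$tool" ]; then
            printf '%s\n' "$dir/$tool"
            return 0
        fi
    done
    return 1
}

# Build a constructed directory tree holding a stand-in "elftalkd" script.
make_sandbox() {
    sandbox=$(mktemp -d) || return 1
    mkdir -p "$sandbox/opt/demo/bin"
    printf '#!/bin/sh\necho "stand-in elftalkd started"\n' \
        > "$sandbox/opt/demo/bin/elftalkd"
    chmod +x "$sandbox/opt/demo/bin/elftalkd"
    printf '%s\n' "$sandbox"
}

# Search for a file by name while $PATH excludes find, as in the challenge.
find_target() {
    root=$1
    name=$2
    find_bin=$(locate_tool find) || return 1
    (
        PATH=/nonexistent                      # constructed restricted PATH
        # The bare command name must fail to resolve here.
        if command -v find >/dev/null 2>&1; then exit 2; fi
        # The absolute path bypasses $PATH lookup entirely.
        "$find_bin" "$root" -type f -name "$name" 2>/dev/null
    )
}

# Demo run: locate the stand-in target, execute it, then clean up.
demo_root=$(make_sandbox)
demo_target=$(find_target "$demo_root" elftalkd) && "$demo_target"
rm -rf "$demo_root"
```
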

Please leave comments below and I look forward to sharing more experiences that I have on the daily with my readership.

