TryHackMe: Advent of Cyber 2 [DAY1]

Aiman
Mar 20, 2021

“The Best Festival Company’s brand new OpenVPN server has been hacked. This is a crisis!

The attacker has damaged various aspects of the company infrastructure — including using the Christmas Control Centre to shut off the assembly line!

It’s only 24 days until Christmas, and that line has to be operational or there won’t be any presents! You have to hack your way back into Santa’s account (blast that hacker changing the password!) and get the assembly line up and running again, or Christmas will be ruined!”

After giving you the assignment, McSkidy hands you the following dossier of important information for the task. Before reading it, you press the big green “Deploy” button to start the Control Centre, as well as the “Start AttackBox” button at the top of the page.

As the text above says, deploy the machine first, then browse to its IP address and you will be greeted with this page.

Now, I’m gonna register an account and take a look at the content of this page.

Interesting! We’ve found the page that controls everything, but it seems it is not currently active. Let’s take a look at the cookie for this page by opening the browser’s developer tools.

Here we can see a cookie named auth, and it looks so yummy. Maybe I am Santa ;)

The cookie is encoded, but we can check which encoding it uses by simply dropping it into CyberChef and using the Magic tool.

Well, this cookie is encoded as a hex [hexadecimal] value, and the decoded output looks like JSON. If you look at the decoded cookie, it has john as the username [the username that I registered with]. Let’s change the john user to santa and encode the result back into hex.

Once that’s done, copy and paste the new cookie value into the developer tools and refresh the page. Then you’ll be greeted by this page.

Make sure to turn on all those buttons for the flag to appear.
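Why the swap works, as an added example that is not part of the original write-up: the cookie is only encoded, not signed, so the server cannot tell an edited value from one it issued. The sketch below puts that scheme beside an HMAC-signed cookie; the JSON field name `username`, the function names and the key are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets

# Constructed key for the demo; a real service loads it from a secret store.
SERVER_KEY = secrets.token_bytes(32)

def issue_weak(username: str) -> str:
    """Scheme seen in the write-up: hex-encoded JSON with no integrity check."""
    return json.dumps({"username": username}).encode().hex()

def read_weak(cookie: str) -> str:
    """Trusts whatever value the browser sends back."""
    return json.loads(bytes.fromhex(cookie))["username"]

def swap_user(payload_hex: str, new_user: str) -> str:
    """The client-side edit from the text: decode, change username, re-encode."""
    data = json.loads(bytes.fromhex(payload_hex))
    data["username"] = new_user
    return json.dumps(data).encode().hex()

def issue_signed(username: str) -> str:
    """Hardened form: same payload plus an HMAC-SHA256 tag only the server can make."""
    payload = json.dumps({"username": username}).encode()
    tag = hmac.new(SERVER_KEY, payload, hashlib.sha256).hexdigest()
    return payload.hex() + "." + tag

def read_signed(cookie: str):
    """Return the username only when the tag verifies, otherwise None."""
    try:
        payload_hex, tag = cookie.split(".")
        payload = bytes.fromhex(payload_hex)
    except ValueError:
        return None  # wrong shape or not valid hex
    expected = hmac.new(SERVER_KEY, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return None  # payload was changed after the server issued it
    return json.loads(payload)["username"]

if __name__ == "__main__":
    weak = swap_user(issue_weak("john"), "santa")
    print("weak scheme sees:", read_weak(weak))
    payload_hex, tag = issue_signed("john").split(".")
    forged = swap_user(payload_hex, "santa") + "." + tag
    print("signed scheme sees:", read_signed(forged))
```

Keeping the identity in a server-side session keyed by a random ID avoids the problem as well, since the browser then holds nothing worth editing.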

Bye