© 2024. All rights reserved.
Now that we finally gained access, we can start our mayhem. Let’s change gifts in the db, so that everyone gets coal! The access point to the db is a simple interface that lets us query a name and in return get the gift for that name. If it only had more functionality. I guess they don’t want anyone modifying the database entries.
Have both files in same dir, and launch by running: java -jar SantasDB-1.0-SNAPSHOT.jar
We found the access point to the database that stores everyone’s gifts, but it is password protected. We intercepted some messages being sent across their WiFi and we think there may be a hint to the password hidden in the messages, can you decipher them. Their WiFi setup is really old what a cheapskate. I think the first message is the flag we are looking for. The flag looks like this HSCTF{xxxxx_xxxxxxxxx}.
Message 1: 3a342322220d05040a414868565f471e Message 2: 1f0212041d290b090a5a4243585646
“OK, we found Santa’s location and I have started breaking into their systems. I found this weird zip file, but the first layer seems to be password protected. We found a hint that it is a 4 number pin encrypted with AES-256. can you get into it? I think it may contain a clue to finding the database with the presents.
Solution week 1: HSCTF{north_pole_alaska}”
“Last year I got some coal in my sock for Christmas, COAL!!! Well, if I am getting coal then everyone will get coal! I am going to change all the presents, but I need your help to find out where Santa’s workshop is. After the debacle last year, I heard he decided to move away from the North Pole, but someone recently released this photo of him. Can you find his location for me? I will make sure it’s worth your while.”
Flag = HSCTF{xxxxx_xxxx_xxxxxx}
Bli med på HeltSikkers julekalender 2024!
Som tradisjonen sterk deler HeltSikker en ny CTF-oppgave hver søndag i advent. Første kommer søndag 1.desember!
Ved å løse oppgaven og levere det rette svaret blir du med i trekningen om supre premier!