
Showing posts from January, 2018

SANS HOLIDAY HACK 2017 : PART 5

If you have not read the 1st part, read it here: http://oxhat.blogspot.in/2018/01/sans-holiday-hack-2017-part-1.html. This part is all about exploiting machines. Each challenge will lead us to a page of the Great Book that will answer our question of who was the actual culprit behind hurling those massive snowballs. 6) The North Pole engineering team has introduced an Elf as a Service (EaaS) platform to optimize resource allocation for mission-critical Christmas engineering projects at http://eaas.northpolechristmastown.com. Visit the system and retrieve instructions for accessing The Great Book page from C:\greatbook.txt. Then retrieve The Great Book PDF file by following those directions. What is the title of The Great Book page? We can find the IP of the internal host from the nmap scan run on the compromised machine in PART 2 of this series (nmap -PS80 -v 10.142.0.1/24 --open). Let us connect to Alabaster's system again using SSH followe

SANS HOLIDAY HACK 2017 : PART 6

If you have not read the 1st part, read it here: http://oxhat.blogspot.in/2018/01/sans-holiday-hack-2017-part-1.html. This part is all about exploiting machines. Each challenge will lead us to a page of the Great Book that will answer our question of who was the actual culprit behind hurling those massive snowballs. Challenge 8) Fetch the letter to Santa from the North Pole Elf Database at http://edb.northpolechristmastown.com. Who wrote the letter? Running an nmap scan of the internal network from the compromised Alabaster's system reveals the edb server. We will connect to Alabaster's machine again and use SSH port forwarding to port 80 to get access to the web application. We will also edit our hosts file so that edb.northpolechristmastown.com resolves. Now we can access the application. Once we do this we can try logging in with Alabaster's credentials, but it doesn't work. Looking at the intercepted requests, we s

SANS HOLIDAY HACK 2017 : PART 4

If you have not read the 1st part, read it here: http://oxhat.blogspot.in/2018/01/sans-holiday-hack-2017-part-1.html. This part is all about exploiting machines. Each challenge will lead us to a page of the Great Book that will answer our question of who was the actual culprit behind hurling those massive snowballs. Challenge 4) Elf Web Access (EWA) is the preferred mailer for North Pole elves, available internally at http://mail.northpolechristmastown.com. What can you learn from The Great Book page found in an e-mail on that server? The initial nmap scan revealed that the mail server is located at 10.142.0.5. Again using the SSH port forwarding technique, we connect to port 80 and add one entry to our hosts file so that the name resolves. And there we have it. Initial discovery gave us a robots.txt file pointing to a file: User-agent: * Disallow: /cookie.txt. Analyzing the algorithm, the password is encoded in bas

SANS HOLIDAY HACK 2017 : PART 3

If you have not read the 1st part, read it here: http://oxhat.blogspot.in/2018/01/sans-holiday-hack-2017-part-1.html. This part is all about exploiting machines. Each challenge will lead us to a page of the Great Book that will answer our question of who was the actual culprit behind hurling those massive snowballs. Challenge 3: 3) The North Pole engineering team uses a Windows SMB server for sharing documentation and correspondence. Using your access to the Letters to Santa server, identify and enumerate the SMB file-sharing server. What is the file server share name? In my previous post I showed you how we obtained the password for Alabaster Snowball. Luckily, the compromised machine had nmap installed on it, so we are going to scan the internal network and try to find the SMB file share. IP address 10.142.0.7 belongs to the SMB server. As the hint says, "Alabaster likes to keep life simple. He chooses a strong password, and sticks with it"

SANS HOLIDAY HACK 2017 : PART 2

If you have not read the 1st part, read it here: http://oxhat.blogspot.in/2018/01/sans-holiday-hack-2017-part-1.html. This part is all about exploiting machines. Each challenge will lead us to a page of the Great Book that will answer our question of who was the actual culprit behind hurling those massive snowballs. Let's begin... Challenge 1: 1) Visit the North Pole and Beyond at the Winter Wonder Landing level to collect the first page of The Great Book using a giant snowball. What is the title of that page? This challenge is easy to solve: it is just a game of moving the snowball over the page (circled in red). Challenge 2: 2) Investigate the Letters to Santa application at https://l2s.northpolechristmastown.com. What is the topic of The Great Book page available in the web root of the server? What is Alabaster Snowball's password? First of all I need the IP of my target, so I used nslookup to get my answer. So I started by browsin