🎄Advent of Cyber 4 (2022)

Get started with Cyber Security in 24 Days - learn the basics by doing a new, beginner-friendly security challenge every day leading up to Christmas.

Room Attributes

Value

Task 6 [Day 1] Frameworks Someone's coming to town!

Your task is to help the Elves solve a puzzle left for them to identify who is trying to stop Christmas. Click the View Site button at the top of the task to launch the static site in split view. You may have to open the static site on a new window and zoom in for a clearer view of the puzzle pieces.

Puzzle Solutions

Puzzle 1/3

Puzzle 2/3

Puzzle 3/3

Once you complete the puzzles you'll be presented with defaced site containing the flag and a calling card from the malicious actor:

Who is the adversary that attacked Santa's network this year?

What's the flag that they left behind?

Looking to learn more? Check out the rooms on Unified Kill Chain, Cyber Kill Chain, MITRE, or the whole Cyber Defence Frameworks module!

No answer needed

Task 7 [Day 2] Log Analysis Santa's Naughty & Nice Log!

Ensure you are connected to the deployable machine in this task.

No answer needed

Use the `ls` command to list the files present in the current directory. How many log files are present?

HINT: The directory needs to be /home/elfmcblue. You can use cd to change to this cd /home/elfmcblue

Elf McSkidy managed to capture the logs generated by the web server. What is the name of this log file?

HINT: You can use the lscommand to list the files present in the directory.

Begin investigating the log file from question #3 to answer the following questions.

No answer needed

On what day was Santa's naughty and nice list stolen?

HINT: This answer is looking for a day in the week.

What is the IP address of the attacker?

HINT: The attacker only made one request to the web server.

What is the name of the important list that the attacker stole from Santa?

Look through the log files for the flag. The format of the flag is: THM{}

HINT: Using grep recursively allows you to quickly look through a bunch of log files for a value.

No answer needed

Task 8 [Day 3] OSINT Nothing escapes detective McRed

What is the name of the Registrar for the domain `santagift.shop`?

HINT: Check the who.is/whois website to find WHOIS information.

All the information you need can be found on https://who.is/whois/santagift.shop

Find the website's source code (repository) on github.com and open the file containing sensitive credentials. Can you find the flag?

HINT: Use the same search terms that Recon McRed used on github.com to find the leaked source code.

All the information you need can be found on https://github.com/muhammadthm/SantaGiftShop

What is the name of the file containing passwords?

HINT: Check the file containing sensitive credentials.

config.php contains several secrets in code that are publicly readable in source code:

What is the name of the QA server associated with the website?

What is the DB_PASSWORD that is being reused between the QA and PROD environments?

Check out this room if you'd like to learn more about Google Dorking!

No answer needed

Task 9 [Day 4] Scanning Scanning through the snow

What is the name of the HTTP server running on the remote host?

HINT: Try nmap -sV MACHINE_IP in the AttackBox.

What is the name of the service running on port 22 on the QA server?

What flag can you find after successfully accessing the Samba service?

HINT: It is located in the admins folder.

What is the password for the username santahr?

If you want to learn more scanning techniques, we have a module dedicated to Nmap!

No answer needed

PreviousBlue NextDifficulty: Medium

Last updated 1 year ago

Task 6 [Day 1] Frameworks Someone's coming to town!

Who is the adversary that attacked Santa's network this year?

What's the flag that they left behind?

Looking to learn more? Check out the rooms on Unified Kill Chain, Cyber Kill Chain, MITRE, or the whole Cyber Defence Frameworks module!

Task 7 [Day 2] Log Analysis Santa's Naughty & Nice Log!

Ensure you are connected to the deployable machine in this task.

Use the ls command to list the files present in the current directory. How many log files are present?

Elf McSkidy managed to capture the logs generated by the web server. What is the name of this log file?

Begin investigating the log file from question #3 to answer the following questions.

On what day was Santa's naughty and nice list stolen?

What is the IP address of the attacker?

What is the name of the important list that the attacker stole from Santa?

Look through the log files for the flag. The format of the flag is: THM{}

Interested in log analysis? We recommend the Windows Event Logs room or the Endpoint Security Monitoring Module.

Task 8 [Day 3] OSINT Nothing escapes detective McRed

What is the name of the Registrar for the domain santagift.shop?

Find the website's source code (repository) on github.com and open the file containing sensitive credentials. Can you find the flag?

What is the name of the file containing passwords?

What is the name of the QA server associated with the website?

What is the DB_PASSWORD that is being reused between the QA and PROD environments?

Check out this room if you'd like to learn more about Google Dorking!

Task 9 [Day 4] Scanning Scanning through the snow

What is the name of the HTTP server running on the remote host?

What is the name of the service running on port 22 on the QA server?

What flag can you find after successfully accessing the Samba service?

What is the password for the username santahr?

If you want to learn more scanning techniques, we have a module dedicated to Nmap!

Task 6 [Day 1] Frameworks Someone's coming to town!

Who is the adversary that attacked Santa's network this year?

What's the flag that they left behind?

Looking to learn more? Check out the rooms on Unified Kill Chain, Cyber Kill Chain, MITRE, or the whole Cyber Defence Frameworks module!

Task 7 [Day 2] Log Analysis Santa's Naughty & Nice Log!

Ensure you are connected to the deployable machine in this task.

Use the ls command to list the files present in the current directory. How many log files are present?

Elf McSkidy managed to capture the logs generated by the web server. What is the name of this log file?

Begin investigating the log file from question #3 to answer the following questions.

On what day was Santa's naughty and nice list stolen?

What is the IP address of the attacker?

What is the name of the important list that the attacker stole from Santa?

Look through the log files for the flag. The format of the flag is: THM{}

Interested in log analysis? We recommend the Windows Event Logs room or the Endpoint Security Monitoring Module.

Task 8 [Day 3] OSINT Nothing escapes detective McRed

What is the name of the Registrar for the domain santagift.shop?

Find the website's source code (repository) on github.com and open the file containing sensitive credentials. Can you find the flag?

What is the name of the file containing passwords?

What is the name of the QA server associated with the website?

What is the DB_PASSWORD that is being reused between the QA and PROD environments?

Check out this room if you'd like to learn more about Google Dorking!

Task 9 [Day 4] Scanning Scanning through the snow

What is the name of the HTTP server running on the remote host?

What is the name of the service running on port 22 on the QA server?

What flag can you find after successfully accessing the Samba service?

What is the password for the username santahr?

If you want to learn more scanning techniques, we have a module dedicated to Nmap!

Use the `ls` command to list the files present in the current directory. How many log files are present?

What is the name of the Registrar for the domain `santagift.shop`?

Use the `ls` command to list the files present in the current directory. How many log files are present?

What is the name of the Registrar for the domain `santagift.shop`?