🎄Advent of Cyber 4 (2022)

Get started with Cyber Security in 24 Days - learn the basics by doing a new, beginner-friendly security challenge every day leading up to Christmas.

Room Attributes

Subscription Required: False [Free]
Type: Walkthroughs
Difficulty: Easy
Tags: beginner, christmas, challenge, advent

Task 6 [Day 1] Frameworks Someone's coming to town!

Your task is to help the Elves solve a puzzle left for them to identify who is trying to stop Christmas. Click the View Site button at the top of the task to launch the static site in split view. You may have to open the static site in a new window and zoom in for a clearer view of the puzzle pieces.

Puzzle Solutions

Puzzle 1/3

Puzzle 2/3

Puzzle 3/3

Once you complete the puzzles, you'll be presented with a defaced site containing the flag and a calling card from the malicious actor.

Who is the adversary that attacked Santa's network this year?

🚩The Bandit Yeti

What's the flag that they left behind?

🚩THM{IT'S A Y3T1 CHR1$TMA$}

Looking to learn more? Check out the rooms on Unified Kill Chain, Cyber Kill Chain, MITRE, or the whole Cyber Defence Frameworks module!

Task 7 [Day 2] Log Analysis Santa's Naughty & Nice Log!

Ensure you are connected to the deployable machine in this task.

Use the ls command to list the files present in the current directory. How many log files are present?

🚩2

Elf McSkidy managed to capture the logs generated by the web server. What is the name of this log file?

🚩webserver.log

Begin investigating the log file from question #3 to answer the following questions.

On what day was Santa's naughty and nice list stolen?

🚩Friday

What is the IP address of the attacker?

🚩10.10.249.191

What is the name of the important list that the attacker stole from Santa?

🚩santaslist.txt

Look through the log files for the flag. The format of the flag is: THM{}

🚩THM{STOLENSANTASLIST}

Interested in log analysis? We recommend the Windows Event Logs room or the Endpoint Security Monitoring Module.

Task 8 [Day 3] OSINT Nothing escapes detective McRed

What is the name of the Registrar for the domain santagift.shop?

All the information you need can be found on https://who.is/whois/santagift.shop

🚩NAMECHEAP INC

Find the website's source code (repository) on github.com and open the file containing sensitive credentials. Can you find the flag?

All the information you need can be found on https://github.com/muhammadthm/SantaGiftShop

🚩{THM_OSINT_WORKS}

What is the name of the file containing passwords?

config.php contains several hard-coded secrets that are publicly readable in the repository's source code.

🚩config.php

What is the name of the QA server associated with the website?

🚩qa.santagift.shop

What is the DB_PASSWORD that is being reused between the QA and PROD environments?

🚩S@nta2022

Check out this room if you'd like to learn more about Google Dorking!

Task 9 [Day 4] Scanning Scanning through the snow

What is the name of the HTTP server running on the remote host?

🚩Apache

What is the name of the service running on port 22 on the QA server?

🚩ssh

What flag can you find after successfully accessing the Samba service?

🚩{THM_SANTA_SMB_SERVER}

What is the password for the username santahr?

🚩santa25

If you want to learn more scanning techniques, we have a module dedicated to Nmap!
