Holiday Hack Challenge 2020 KringleCon III: French Hens
CTF write-up by Dan Roberts (@infosecetc)
Introduction
This year's Holiday Hack Challenge picks up from the 2019 cliff-hanger in which Jack Frost vowed to help a villainous Tooth Fairy subvert the holiday. The game opens on the side of the New Jersey Turnpike with a billboard and a sign for Exit 7A in view. A tram car awaits to take visitors up an unseen mountain to Santa's castle.
About
The Holiday Hack Challenge is a tremendous learning experience. There is a YouTube channel full of conference quality talks. You'll explore the inner-workings of pseudo random number generators, blockchain, and hash collisions. You'll learn a bit of physical penetration testing, using Proxmark3 to impersonate door access key cards. You'll execute a man-in-the-middle attack using Scapy, exploit a vulnerable web application, and learn a bit of Javascript and Python. The list goes on..
If you haven't attended KringleCon 3 yet, register at https://holidayhackchallenge.com/2020 and have some fun exploring before reading through the solutions!
Thanks
Thank you to Ed Skoudis, CounterHack, SANS, and all of the talented individuals who give their time and effort to make this incredible community event happen each year.
Answers
| Objective | Answer |
|---|---|
| 1 | Proxmark |
| 2 | North Pole: The Frostiest Place on Earth |
| 3 | santapass |
| 4 | Awarded when you move the Santavator to another floor |
| 5 | Awarded when you open the HID lock |
| 6 | The Lollipop Guild |
| 7 | Awarded when you fix Santa's Sleigh |
| 8 | JackFrostWasHere |
| 9 | Tanta Kringle |
| 10 | Awarded when you override the fingerprint reader |
| 11a | 57066318f32f729d |
| 11b | fff054f33c2134e0230efb29dad515064ac97aa8c68d33c58c01213a0d408afb |