Monday, January 7, 2013

SANS Holiday Challenge 2012 Zone 5 Writeup

Zone 5

Heat Miser

The last zone we need to gain access to is Zone 5 for Heat Miser. Connecting to the URL we found in the previous post, we are presented with the following:



We know that there must be something that determines whether or not we are authenticated to this zone, and from experience we could assume that a cookie would hold this information. However, if we did not previously know this, we could use the hint provided on Snow Miser's Twitter profile:


Using this information, we see the following cookie in use when we visit the page:


The cookie appears to be a hash of something, but what? In this case, Google is our friend. Pasting the hash into Google tells us that this is indeed an MD5 hash for "1001". We can deduce that this means our current UID is 1001, meaning that we are not an administrative user. Let's therefore change this hash to be the MD5 hash of an authenticated user. After a bit of trial and error (trying "1000", "0", and finally "1"), we find that if we use the hash "c4ca4238a0b923820dcc509a6f75849b" - which is the MD5 hash of "1" - we are presented with access to Zone 5:


With this, we have now completed all of the challenges and have finished the contest! This challenge took about 2 hours to complete, and provided a nice distraction from semester finals. Thanks again to the guys and gals over at SANS for putting this contest on!

As always, please don't hesitate to leave comments or suggestions below. Solve this Zone a different way? Let me know!

- Jordan

No comments:

Post a Comment