Secret word 1 - (5 pts)
What's the secret word for SANS San Diego 2016 day 1?
This word was given to us.
advancedpersistenttaco
Use Google to answer most of these. It didn't say in the challenge that you couldn't use outside resources.
How many ports
How many ports are available on a Linux or Windows operating system, counting both TCP and UDP?
I learned this question in the Networking portion of SANS SEC 401. Some may be saying, "There's 65,536 ports. Why is the answer 131,072? Well, because they said both TCP and UDP. Add 65,536 and 65,536, and you get 131,072.
0
131070
65536
About 7
1337
131072
65535
Name that OS
This is a legitimate user agent string sent from a Microsoft Windows client operating system:
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
What OS is the client running?
Windows 8.1
Microsoft Bob
Atari TOS
Windows Vista
Windows 8
Windows XP
Windows 10
Windows 7
sans.org
When was the domain sans.org registered?
1995-08-04
1967-11-13
1337-12-25
1994-09-12
1997-03-12
1776-07-04
1990-01-01
2016-10-27
Time to Live
What is the name of the IPv6 field that is equivalent to IPv4's Time to Live?
I learned this one in SANS SEC 401 this week during the Networking portion.
Hop Limit
Version
Next Header
Flow Label
Traffic Class
Time to Live
IPv6
A new network engineer announces that he's going to conduct an active scan and ping every address on a standard IPv6 /64 subnet. You mention the vast size of the subnet, and the engineer confidently states he can ping a million addresses/day.
How long will the ping scan take, assuming 1 million hosts are scanned per day?
So, there are about 18446744073709551616 hosts per ipv6/64 network. If you divide that by 1,000,000, it gives you the daily rate in which you could scan the hosts. Then you divide by 365 to give you the years..
42
5+ years
50,539,024+ years
50+ years
50,539+ years
Infinity!
1337 minutes
A month or so
50,539,024,859+ years
What is the IPv6 address of sanschallenge.org?
If you watch the traffic by having tcpdump or wireshark running, and you ping https://sanschallenge.org, with a Mac or Linux, you should get an IPv6 address back. Ping uses ICMP traffic.
ping sanschallenge.org
104.131.191.1
2604:a880:0:1010::5db:4001
2604:a880:800:10::1a64:2001
2001:470:1f06:bef::2
dead:beef:c0de:fa11:feed:babe:cafe:f00d
2400:cb00:2049:1::adf5:3a33
42
Version detection - (10 pts)
What version of Apache is running on https://sanschallenge.org? Answer with a number.
For example, if the version is "Apache/1.2.3", you would answer '1.2.3' without the quotes.
From a Mac or Linux terminal, you can use curl to make a HEAD request to request the headers from a website, assuming it's allowed.
curl -l ‘https://sanschallenge.org'
Flag: - Convert to SHA1 Apache 2.4.7
Domo Arigato - (10 pts)
What directory is disallowed from spidering, per the robots.txt file on https://sanschallenge.org? Answer with the directory name only, including the leading and trailing slash. For example, if the entry is:
Disallow: /folder/
The answer would be '/folder/' without the quotes.
You just navigate to https://sanschallenge.org/robots.txt, and it shows the /wickedsecret/ directory.
Flag: - Convert to SHA1 /wickedsecret/
Key size - (10 pts)
What is the size of the RSA public key used in the x509 certificate for https://sanschallenge.org?
Another you know it or you don't question. RSA public keys are 2048 bits in length.
3072 bits
8 bits
1 bit
2 bits
16 bits
4 bits
1024 bits
64 bits
4096 bits
2048 bits
128 bits
32 bits
256 bits
512 bits
Thank you for this SANS Cyber Defense Challenge recap and your approach used for the solutions. This is my first foray at this type of an event. -Radioteacher
ReplyDeleteYou're welcome. If you have the time, you might want to work through the problems on your own. There are usually multiple ways to solve a problem, so you might find a more efficient solution.
ReplyDelete