What's the secret word for SANS San Diego 2016 day 5?
bluescreenoflife
The first challenge - (5 its)
Simple base64 encoding. Just decode it. You see enough of them, and you know what to do.
The first challenge is: VGhlIGFuc3dlciB0byB0aGUgZmlyc3QgY2hhbGxlbmdlIGlzOiBtYXRocw==
maths
What is the answer to the first challenge? The answer is a lower case string.
The second challenge - (20 pts)
The 2nd challenge is: V2toIGRxdnpodSB3ciB3a2x2IGZrZG9vaHFqaCBsdjogdnhwcGR3bHJxIA==
So base64 decode again. The it is a rot encoding. You have figure out how many rotations. There are online tools for this to crack them quickly. Again, you see enough, your brain starts to recognize them. The rotation was 23 for this one: summation
What is the answer to the second challenge? The answer is a lower case string.
61584235636e4a6c596e427a595849674f6e4e704947566e626d56736247
466f5979426b636d6c6f6443426c6148516762335167636d563363323568
4947566f56416f3d0a
What is the answer to the third challenge? The answer is a lower case string.
This one was fun. First you hex decode it. Then you get base64 string that you decode. The answer is backwards. ipyrrebpsar :si egnellahc driht eht ot rewsna ehT It's raspberrypi. :)
Spot the Pattern - (35 pts)
Download and inspect this file: https://sanschallenge.org/files/phrase.txt
What is the day 5 phrase that pays? The answer is a lower case string.
Only question that I didn't get. We were told how it was solved, though. You look at the file in your browser or text editor and resize the screen until the lines are lined up a certain way. In the white space, you see a website. Alternately, I saw Mr. Conrad do something the command line. I didn't catch all of it, but it showed the website in # signs. The phrase was blueteamforever.
No comments:
Post a Comment