Santa’s Tweet Secret
Browser:
Firefox
Tools:
Twime Machine
GEdit
Start the game at quest2016.holidayhackchallenge.com. At the beginning of the game, the player meets Jessica and Josh, the characters that were introduced in the 2015 SANS Holiday Hack. They are the gumshoes in this year’s SANS Holiday Hack1 as well. They ask the player to help find the secret message hidden in Santa’s Tweets.
Look at Santa’s business card in Josh and Jessica’s house. Note that Santa has a twitter account and an Instagram account @santawclaus.
Image Description: Santa’s Business Card
In the story1, Josh hinted at a tool that could be used to get the maximum amount of tweets allowed by Twitter for a person/entity that has a Twitter account.
That tool is called Twime Machine. It can be found at www.twimemachine.com. An account must be used to sign in. In this case, an account was created specifically for this purpose.
Note: Twitter detected the use of the account in Twime Machine, and asked for a phone number to validate the account. The account has not been validated. Twitter locked the account. The information that was needed was gathered, and that Twitter account was deleted.
In a different tab, navigate to Twime Machine. Sign into your Twitter user account or Create an account just for this purpose, then sign in. In Twime Machine, in the text box, next to the @ symbol, type “santawclaus” and click “Change user”. Santa’s tweets should be displayed.
Image Description: Santa’s tweets in Twime Machine
Copy the tweets using a preferred method.
Note: Some browsers and editors have the Edit>Select All, Edit>Copy, and Edit>paste options which may be easier.
Note: On different OS’s the shortcuts for copy/paste are different. Consult the specific OS in use.
Paste the tweets onto an empty page in the text editor. Once the tweets are pasted into the text editor, resize the screen.
Note: The screen may not need to be resized.
Scroll down and look at the white space. There should be letters visible. Santa’s secret is in a shift cipher. It’s called a shift cipher because the message is revealed when the words/punctuation are shifted in the correct way.
The white space spells out the words “BUG” and “BOUNTY”.
Image Description: White Space that shows the letter B.
Save the text file as evidence if desired. In many text editors, the “Save” function is located in the File menu. Fill out each Section-usually file name, the type of file, where it should be located (aka the path), and left-click, “Save”.
The words “BUG” and “BOUNTY” are the password for the zip file in question 2.
The password is “bugbounty”.
No comments:
Post a Comment