Sunday, February 9, 2020

SANS Holiday Hack 2019 - Objective 11: Open the Sleigh House Door

Another 5/5 Difficulty.  I wouldn't say that this is difficult, just time consuming.  If you're familiar with Web Developer Tools, this should be a breeze for the most part.  This challenge is located in the Student Union.  Use the Steam Tunnels to get here.  If not those, start out at the train station, go north through the Quad, past the spinning gift, and to the Student Union.  Enter the right door.  Go to the right side of the room.  Shinny will be guarding the door.  Note:  He won't mention the crate until you've solved the first set of challenges.  Kent Tinseltooth, located in the same room, gives hints.


Note:  Codes are different on each run, so mine won't match yours.

I'm using Firefox, because I prefer the Dev Tools in Firefox.  Other browsers would work, but may not match these directions.

Also note:  These locks are kind of the opposite of what you'd expect.  Green means locked.  Red means unlocked.
Overall goal:  "I locked the crate with the villain's name inside.  Can you get it out?"
First Lock:  "You don't need a clever riddle to open the console and scroll a little."


Click on the three lines at the top right-hand side of the browser window, click on "Web Developer", then click on Web Console to display the Console at the bottom of the screen.



Scroll to the top of the console window.  First code is given in a green box.


Lock 2:  Some codes are hard to spy, perhaps they will show up on pulp with dye. 


For this one, there is a div section that is marked as display: none.  Right click on the lock, Click Inspect Element, and look for divs that have display marked as none.



Lock 3:  The code is still unknown, it was fetched but never shown. 


Click on the Network tab in Developer Tools.  There will be a listing of traffic.  Click on the Cause column to sort according to type.  Look at the causes labeled fetch.  One will display an image with a code.

Lock 4:  Where might we keep the things we forage?  Yes, of course:  Local barrels!
  

Click on the Storage tab.  Expand Local Storage.  Look for barrels on the right and the code.


Lock 5:  Did you notice the code in the title?  It may very well prove vital. 


There are multiple ways to solve this one.  One way is to click on the Inspector tab, scroll all the way to the top, expand <head>, expand <title>, and the code will be there.

Lock 6:  In order for this hologram to be effective, it may be necessary to increase your perspective. 


Right click on the hologram, click Inspect Element, and look for an attribute labeled perspective.  Increase it by a lot.


Lock 7:  The font you're seeing is pretty slick, but this lock's code was my first pick.


This is another one where there is more than one way to solve it.  One of the easy ways is to look in Inspector, scroll to the top, expand head, then expand style.  It will be in there.


Lock 8: In the event that the .eggs go bad, you must figure out who will be sad.  


Search for .eggs in the HTML, then click on the event button beside the span class, then expand spoil.


Lock 9:  This next code will be unredacted, but only when all the chakras are active.


Right click, inspect element, look for chakras and make sure that the pseudo classes are active for each one.  I'm not sure why, but I could only activate one at a time.  I just did so and copied the code one piece at a time.   I don't know much about this.  7FO7AELY
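
Added example, not part of the original walkthrough or the challenge's own code: if the pieces are supplied by CSS content rules gated on :active (an assumption about how the page is built), they can all be read from the stylesheet rules at once instead of forcing each pseudo-class in turn.  The class name chakra comes from the hint; the :nth-child ordering and the sample values are constructed.

```javascript
// Reads every ":active"-gated CSS `content` value out of a list of style rules.
// Accepts real CSSStyleRule objects in a browser or plain objects under Node.

// CSSOM keeps the quotes around a content string: '"AB"' -> 'AB'.
function unquote(content) {
  const m = /^(["'])(.*)\1$/.exec(content.trim());
  return m ? m[2] : content.trim();
}

// nth-child index of a selector; rules without one sort last.
function nthChildIndex(selector) {
  const m = /:nth-child\((\d+)\)/.exec(selector);
  return m ? Number(m[1]) : Number.MAX_SAFE_INTEGER;
}

// rules: iterable of objects exposing selectorText and style.content.
// marker: substring the selector must contain (assumed here: "chakra").
function activeContentPieces(rules, marker) {
  const pieces = [];
  for (const rule of rules) {
    const sel = rule.selectorText || ""; // @media/@font-face rules have none
    const content = rule.style && rule.style.content;
    if (!sel.includes(marker) || !sel.includes(":active")) continue;
    if (!content || content === "none" || content === "normal") continue;
    pieces.push({ index: nthChildIndex(sel), text: unquote(content) });
  }
  pieces.sort((a, b) => a.index - b.index); // stable sort keeps ties in order
  return pieces.map((p) => p.text);
}

// Constructed rules for illustration; values are made up, not from the game.
const sampleRules = [
  { selectorText: "span.chakra:nth-child(2):active::after", style: { content: '"CD"' } },
  { selectorText: "span.chakra", style: { content: "" } },
  { selectorText: "span.chakra:nth-child(1):active::after", style: { content: '"AB"' } },
  { selectorText: "span.other:nth-child(1):active::after", style: { content: '"ZZ"' } },
  { selectorText: "span.chakra:nth-child(3):active::after", style: { content: "'EF'" } },
];

function demo() {
  return activeContentPieces(sampleRules, "chakra").join("");
}
console.log(demo());

// In a browser console, pass the live same-origin rules instead:
// activeContentPieces([...document.styleSheets].flatMap(s => [...s.cssRules]), "chakra")
```

Anything a page puts in its stylesheet is delivered to every visitor, so a value "revealed" only on :active is readable whether or not the element is ever clicked.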


Lock 10:  Oh, no!  This lock's out of commission!  Pop off the cover and locate what's missing.  As a side note - this is my favorite lock out of these. :D


Right Click>Inspect Element.  You will see a div class called cover.  Uncheck the background to "pop it open".  This is the first reason this is my fav lock.  There is a visible change.


The lock now appears as a circuit board.  See the code on the bottom right-hand side?  That's the code we need.  Type the code into the lock and try to click unlock.  Doesn't seem to do anything.  So, we need to find what's missing.

Look at the Console, though.  You will see an error.  Macaroni missing.  Another side note:  I solved this one by luck.  I happened to notice another button with macaroni.


Copy the macaroni from the other button and paste it under lock 11. The following is another reason this is my favorite lock.  If you look at the lock, you can see a visible change. :)  See the macaroni? Lolz

Try the code and unlock again.  It will say that it's missing a cotton swab in the console.

Add another div class, except this time, make it component swab.  Try the code and button again.


Now it will say that it's missing a gnome in the console.  I'm not including the pic because it looks like the other two, except it says gnome instead of macaroni and swab.

Once again, add another div class, except this time, make it component gnome. 


The Objective Answer:  The villain is the Tooth Fairy.


From what I understand, there is a scoreboard.  If you write a script for this challenge and solve it in a very short period of time, it keeps track of it.  I imagine that this could help SANS and/or Counter Hack to determine a winner for the Holiday Hack Challenge more easily, but I'm not sure that they actually used this to determine who won.  I don't work for them, so I don't know what exactly goes into determining who wins.  I'm hoping that whichever team won shows what they did to solve this one in like 8 seconds or something.  It would be interesting to learn how to write a script like that.
