diff --git a/content/writeups/holiday-hack-challenge/2024/act1/curling.md b/content/writeups/holiday-hack-challenge/2024/act1/curling.md index a0150aa..6953722 100644 --- a/content/writeups/holiday-hack-challenge/2024/act1/curling.md +++ b/content/writeups/holiday-hack-challenge/2024/act1/curling.md @@ -328,3 +328,7 @@ curl -k -L https://curlingfun:9090/GoodSportsmanship {{< figure src="/img/writeups/holiday-hack-challenge/2024/act1/curling/gold.png" title="Gold" >}} And that's it, we got the gold medal! + +## Final elf message + +> Wait... did you just slice and dice it all into three commands? My stars, you're a Curling conjurer! diff --git a/content/writeups/holiday-hack-challenge/2024/act1/frosty-keypad.md b/content/writeups/holiday-hack-challenge/2024/act1/frosty-keypad.md index 6d8b3e8..81fd2af 100644 --- a/content/writeups/holiday-hack-challenge/2024/act1/frosty-keypad.md +++ b/content/writeups/holiday-hack-challenge/2024/act1/frosty-keypad.md @@ -285,3 +285,11 @@ We did get lucky here, as we could have also encountered the answer for silver f ``` That's it for this challenge, see you in the next one! + +## Final elf message + +> Unbelievable! You found a flaw in the system and completely bypassed the rate limiter. You’re practically an elf legend! +> +> Incredible work! You pieced together the code like a true sleuth and retrieved the shreds we need. I’m not quite sure how you’ll put them all together, but if anyone can, it’s you! +> +> Your help has been absolutely essential, especially now with Santa missing. Wombley and Alabaster will want to hear all about it—go share the news with Jewel Loggins! diff --git a/content/writeups/holiday-hack-challenge/2024/act1/hardware-hacking-part2.md b/content/writeups/holiday-hack-challenge/2024/act1/hardware-hacking-part2.md index a9b9eea..427ecb5 100644 --- a/content/writeups/holiday-hack-challenge/2024/act1/hardware-hacking-part2.md +++ b/content/writeups/holiday-hack-challenge/2024/act1/hardware-hacking-part2.md @@ -158,3 +158,7 @@ UPDATE access_cards SET access = 1, sig = "135a32d5026c5628b1753e6c67015c0f04e26 ``` After running it, and waiting for a second, we get the gold medal! + +## Final elf message + +> Brilliant work! We now have access to… the Wish List! I couldn't have done it without you—thank you so much! diff --git a/content/writeups/holiday-hack-challenge/2024/prologue/elf-connect.md b/content/writeups/holiday-hack-challenge/2024/prologue/elf-connect.md index f8a5ae2..2aa04ed 100644 --- a/content/writeups/holiday-hack-challenge/2024/prologue/elf-connect.md +++ b/content/writeups/holiday-hack-challenge/2024/prologue/elf-connect.md @@ -68,7 +68,17 @@ There are, however, multiple ways to solve the game. And we'll need to exploit t ## Gold -For gold, we'll need to inspect the code behind the game. +### Continued story line + +Let's first talk to the elf again, he'll tell us what we'll have to do for gold. + +> Amazing! You really connected all the dots like a pro. +> +> If you want a more difficult challenge, try beating randomElf's score. + +### Exploration + +To beat that score, we'll need to inspect the code behind the game. We can open the DevTools, and under "Sources" we can find the iframe in which the game is running. Here we can see all the files that are being used. @@ -143,6 +153,8 @@ This might look a little complicated, so let me explain it for you. We start by This just get us the correct answer though, and we'll need more for gold. +### Solving + Scanning further through the code, we find the `checkSelectedSet` function with some logic in it: ```js diff --git a/content/writeups/holiday-hack-challenge/2024/prologue/elf-minder.md b/content/writeups/holiday-hack-challenge/2024/prologue/elf-minder.md index f978095..b17f0b5 100644 --- a/content/writeups/holiday-hack-challenge/2024/prologue/elf-minder.md +++ b/content/writeups/holiday-hack-challenge/2024/prologue/elf-minder.md @@ -38,7 +38,7 @@ Let's start off by talking to the elf: > > The faster you get there, the better your score! > -> I've run into some weirdness with the springs though. If I had created this game it would've been a lot more stable, but I won't comment on that any further. +> I've run into some weirdness with the springs though. If I had created this game it would've been a lot more stable, but I won't **comment** on that any further. ## Hints @@ -235,6 +235,12 @@ To test this hypothesis, we can draw a route that follows these rules. Afterwards, we hit start, and the elf reached the flag! +## Final elf message + +> The rest of these elves are like corporate zombos. They just run around in circles unless you give them some direction. +> +> Way to pass them some of your super centered energy. Better you than me, though. I'd let them walk themselves straight off the island. + ## Bonus Here's some nice bonus content. In the level's grid, we can also place paths and entities on corners. Also, the amount of springs if not validated. Of course, we can't do this by hand, we'll have to do it in code. diff --git a/content/writeups/holiday-hack-challenge/2024/prologue/orientation.md b/content/writeups/holiday-hack-challenge/2024/prologue/orientation.md index b2b52a5..6fa8729 100644 --- a/content/writeups/holiday-hack-challenge/2024/prologue/orientation.md +++ b/content/writeups/holiday-hack-challenge/2024/prologue/orientation.md @@ -36,17 +36,17 @@ Let's start off by talking to the elf: > > Just kidding! It's actually the 2024 SANS Holiday Hack Challenge! > -> And although we're on Frosty's Beach on Christmas Island, we'll soon be on our way > back to the North Pole. +> And although we're on Frosty's Beach on Christmas Island, we'll soon be on our way back to the North Pole. > -> I thought it best to wait here for people that heard we're on the Geese Islands but > may not know we're leaving. +> I thought it best to wait here for people that heard we're on the Geese Islands but may not know we're leaving. > -> I haven't seen Santa since we started packing up, but he always asks me to give a > quick orientation to newcomers, so I'm continuing the tradition. +> I haven't seen Santa since we started packing up, but he always asks me to give a quick orientation to newcomers, so I'm continuing the tradition. > -> Before you head out any further onto the island, you need to accomplish two simple > tasks. +> Before you head out any further onto the island, you need to accomplish two simple tasks. > -> But first, here's a parting gift. I packed this snowball made of the magical, > never-melting snow of Christmas Island. A little souvenir to take with you when we > leave for the North Pole. +> But first, here's a parting gift. I packed this snowball made of the magical, never-melting snow of Christmas Island. A little souvenir to take with you when we leave for the North Pole. > -> Click on the snowball on your avatar. That's where you will see your Objectives, > Hints, resource links, and Conversations for the Holiday Hack Challenge. +> Click on the snowball on your avatar. That's where you will see your Objectives, Hints, resource links, and Conversations for the Holiday Hack Challenge. > > Now, click on the Cranberry Pi Terminal and follow the on-screen instructions. @@ -59,3 +59,15 @@ Next the elf there is a "First Terminal", let's open it. At the top we can see a {{< figure src="/img/writeups/holiday-hack-challenge/2024/prologue/orientation/terminal.png" title="First Terminal" >}} Let's follow the instruction and enter the text in the top console. And that's it! We got the gold medal! + +## Final elf message + +> You're a natural! Something new this year you may not know is that all challenges have an easy and hard mode. There's also story mode, if you want to skip the challenges and watch how our holiday season's adventure unfolds! +> +> Your snowball will reflect how you've solved the challenges with the bronze, silver, and gold trophies. +> +> Well, that's it, now you're orientated! Feel free to get yourself settled in, establish a cohort with others, or just explore this lovely island. Just be careful where you walk as we are moving around some pretty heavy crates. +> +> Oh, while we're preparing everything to set sail for the North Pole, I heard Poinsettia McMittens and Angel Candysalt could use some assistance. I'm sure they'll appreciate any help you can provide! +> +> We'll let you know when the boat leaves, but for now relax, enjoy the sun, and most importantly, have FUN!