Add more elf messages

content/writeups/holiday-hack-challenge/2024/act1/curling.md

@@ -328,3 +328,7 @@ curl -k -L https://curlingfun:9090/GoodSportsmanship
 {{< figure src="/img/writeups/holiday-hack-challenge/2024/act1/curling/gold.png" title="Gold" >}}
 
 And that's it, we got the gold medal!
+
+## Final elf message
+
+> Wait... did you just slice and dice it all into three commands? My stars, you're a Curling conjurer!

content/writeups/holiday-hack-challenge/2024/act1/frosty-keypad.md

@@ -285,3 +285,11 @@ We did get lucky here, as we could have also encountered the answer for silver f
 ```
 
 That's it for this challenge, see you in the next one!
+
+## Final elf message
+
+> Unbelievable! You found a flaw in the system and completely bypassed the rate limiter. You’re practically an elf legend!
+>
+> Incredible work! You pieced together the code like a true sleuth and retrieved the shreds we need. I’m not quite sure how you’ll put them all together, but if anyone can, it’s you!
+>
+> Your help has been absolutely essential, especially now with Santa missing. Wombley and Alabaster will want to hear all about it—go share the news with Jewel Loggins!

content/writeups/holiday-hack-challenge/2024/act1/hardware-hacking-part1.md

@@ -217,7 +217,7 @@ im = Image.open("assembled_image.png")
 
 xsize, ysize = im.size
 
-delta = 300  # amount to move x-axis
+delta = 275  # amount to move x-axis
 
 part1 = im.crop((0, 0, delta, ysize))  # take left part
 part2 = im.crop((delta, 0, xsize, ysize))  # take right part

content/writeups/holiday-hack-challenge/2024/act1/hardware-hacking-part2.md

@@ -0,0 +1,164 @@
++++
+author = "Maik de Kruif"
+title = "Hardware Hacking - Part 2"
+subtitle = "Act 1 - SANS Holiday Hack Challenge 2024"
+date = 2024-12-31T13:52:58+01:00
+description = "In Hardware Hacking Part 2, we help an elf grant access to card number 42. For silver, we find the passcode and use the slh command to grant access. For gold, we locate the SQLite database, modify the access value directly, and generate a valid HMAC signature using details from another table."
+cover = "img/writeups/holiday-hack-challenge/2024/act1/hardware-hacking/cover.png"
+tags = [
+    "Holiday Hack Challenge",
+    "ctf",
+    "hacking",
+    "writeup",
+]
+categories = [
+    "ctf",
+    "writeups",
+    "hacking",
+]
++++
+
+## Link
+
+If you want to play the challenge yourself, you can find it here:
+
+<https://2024.holidayhackchallenge.com/>
+
+## Story line
+
+Let's start off by talking to the elf:
+
+> Next, we need to access the terminal and modify the access database. We're looking to grant access to card number 42.
+>
+> Start by using the slh application—that’s the key to getting into the access database. Problem is, the ‘slh’ tool is password-protected, so we need to find it first.
+>
+> Search the terminal thoroughly; passwords sometimes get left out in the open.
+>
+> Once you've found it, modify the entry for card number 42 to grant access. Sounds simple, right? Let’s get to it!
+
+## Hints
+
+{{< collapsible-block title="Hidden in Plain Sight" isCollapsed="true" class="tight" >}}
+It is so important to keep sensitive data like passwords secure. Often times, when typing passwords into a CLI (Command Line Interface) they get added to log files and other easy to access locations. It makes it trivial to step back in _history_ and identify the password.
+{{< /collapsible-block >}}
+
+{{< collapsible-block title="It's In the Signature" isCollapsed="true" class="tight" >}}
+I seem to remember there being a handy HMAC generator included in [CyberChef](<https://gchq.github.io/CyberChef/#recipe=HMAC(%7B'option':'UTF8','string':''%7D,'SHA256')>).
+{{< /collapsible-block >}}
+
+## Recon
+
+Upon clicking the challenge icon, a terminal shows up with a boot menu.
+
+{{< figure src="/img/writeups/holiday-hack-challenge/2024/act1/hardware-hacking/part2/u-boot-menu.png" title="U-Boot menu" >}}
+
+If we select Startup system, a terminal shows up with Santa's Little Helper, an Access Card Maintenance Tool.
+
+{{< figure src="/img/writeups/holiday-hack-challenge/2024/act1/hardware-hacking/part2/initial-terminal.png" title="Initial terminal" >}}
+
+We could also boot to the U-Boot console, but let's explore the system first.
+
+## Silver
+
+From reading the help page for SLH which was shown, we probably need to use the `slh` command using the correct flags. It looks like we should use `--set-access 1` and `--id 42` to grant Full Access to the card with ID 42. Let's try that.
+
+{{< figure src="/img/writeups/holiday-hack-challenge/2024/act1/hardware-hacking/part2/access-not-granted.png" title="Access not granted" >}}
+
+Hmm, it seems we need to provide a passcode to make changes. This can be provided by using the `--passcode` option.
+
+Since the passcode needs to be provided as an argument like this, it is likely someone did it before and left the passcode in the history file. Depending on which shell is being used, the history can be read using the `history` command, this will show all commands the user has run. We can also combine this command with `grep` to search for things in it. A command combining the two to look for the passcode argument can look as follows.
+
+```sh
+history | grep passcode
+```
+
+{{< figure src="/img/writeups/holiday-hack-challenge/2024/act1/hardware-hacking/part2/grep-passcode.png" title="Passcode search" >}}
+
+Great, we found the passcode! Now let's add it to the command and execute it.
+
+```sh
+slh --passcode CandyCaneCrunch77 --set-access 1 --id 42
+```
+
+{{< figure src="/img/writeups/holiday-hack-challenge/2024/act1/hardware-hacking/part2/access-granted.png" title="Access granted" >}}
+
+We got the silver medal!
+
+## Gold
+
+### Continued story line
+
+Let's first talk to the elf again, he'll tell us what we'll have to do for gold.
+
+> Wow! You're amazing at this! Clever move finding the password in the command history. It’s a good reminder about keeping sensitive information secure…
+>
+> There’s a tougher route if you're up for the challenge to earn the Gold medal. It involves directly modifying the database and generating your own HMAC signature.
+>
+> I know you can do it—come back once you've cracked it!
+
+### Exploration
+
+Let's start by finding that database. We can start by listing the directory.
+
+{{< figure src="/img/writeups/holiday-hack-challenge/2024/act1/hardware-hacking/part2/directory-listing.png" title="Directory listing" >}}
+
+The "access_cards" file looks interesting. To find out what kind of file it is, we can use the `file` command.
+
+{{< figure src="/img/writeups/holiday-hack-challenge/2024/act1/hardware-hacking/part2/access-cards-file.png" title="access_cards file" >}}
+
+It looks like it's an SQLite 3 database file.
+
+### Solving
+
+We can read the SQLite file using the `sqlite3` command.
+
+{{< figure src="/img/writeups/holiday-hack-challenge/2024/act1/hardware-hacking/part2/sqlite3.png" title="sqlite3" >}}
+
+Good, the `sqlite3` is installed on the system. We can open the file using `.open FILENAME`, like the help mentions. After we've opened the file, we can also list the tables using `.tables`.
+
+{{< figure src="/img/writeups/holiday-hack-challenge/2024/act1/hardware-hacking/part2/sqlite-open-and-tables.png" title="Tables" >}}
+
+Let's explore the "access_cards" table further, as that one likely contains the card we need to change. We can get it's schema (table layout) using `.schema access_cards`.
+
+{{< figure src="/img/writeups/holiday-hack-challenge/2024/act1/hardware-hacking/part2/sqlite-schema.png" title="access_cards schema" >}}
+
+Now that we know the schema, we can formulate a query to get the current values of the card with id 42.
+
+```sql
+SELECT * FROM access_cards WHERE id = 42;
+```
+
+| id  | uuid                                 | access | sig                                                              |
+| --- | ------------------------------------ | ------ | ---------------------------------------------------------------- |
+| 42  | c06018b6-5e80-4395-ab71-ae5124560189 | 0      | ecb9de15a057305e5887502d46d434c9394f5ed7ef1a51d2930ad786b02f6ffd |
+
+So the goal is likely to set the `access` value to 1 again, but we also need to generate a new HMAC signature for the `sig` value.
+
+Before we can generate one, we need to find out the input for the HMAC algorithm; we need the input format, a key as well as the hashing function.
+
+The hashing function can be inferred from the current hash. Judging by the length and type it's likely SHA256, and any [hash identifier](https://www.tunnelsup.com/hash-analyzer/) will confirm that. We're still missing the other values though. Perhaps we can find some clues for this in the "config" table.
+
+```sql
+SELECT * FROM config;
+```
+
+| id  | config_key          | config_value                                                     |
+| --- | ------------------- | ---------------------------------------------------------------- |
+| 1   | hmac_secret         | 9ed1515819dec61fd361d5fdabb57f41ecce1a5fe1fe263b98c0d6943b9b232e |
+| 2   | hmac_message_format | {access}{uuid}                                                   |
+| 3   | admin_password      | 3a40ae3f3fd57b2a4513cca783609589dbe51ce5e69739a33141c5717c20c9c1 |
+| 4   | app_version         | 1.0                                                              |
+
+Look at that, the key and input format are right there. Now that we have those, we can plug the values into [CyberChef](<https://gchq.github.io/CyberChef/#recipe=HMAC(%7B'option':'UTF8','string':'9ed1515819dec61fd361d5fdabb57f41ecce1a5fe1fe263b98c0d6943b9b232e'%7D,'SHA256')&input=MWMwNjAxOGI2LTVlODAtNDM5NS1hYjcxLWFlNTEyNDU2MDE4OQ>), which will generate a signature for us.
+
+After generating the signature, we can update the row in the database using an SQL query again.
+
+```sql
+UPDATE access_cards SET access = 1, sig = "135a32d5026c5628b1753e6c67015c0f04e26051ef7391c2552de2816b1b7096" WHERE id = 42;
+```
+
+After running it, and waiting for a second, we get the gold medal!
+
+## Final elf message
+
+> Brilliant work! We now have access to… the Wish List! I couldn't have done it without you—thank you so much!

content/writeups/holiday-hack-challenge/2024/prologue/elf-connect.md

@@ -68,7 +68,17 @@ There are, however, multiple ways to solve the game. And we'll need to exploit t
 
 ## Gold
 
-For gold, we'll need to inspect the code behind the game.
+### Continued story line
+
+Let's first talk to the elf again, he'll tell us what we'll have to do for gold.
+
+> Amazing! You really connected all the dots like a pro.
+>
+> If you want a more difficult challenge, try beating randomElf's score.
+
+### Exploration
+
+To beat that score, we'll need to inspect the code behind the game.
 
 We can open the DevTools, and under "Sources" we can find the iframe in which the game is running. Here we can see all the files that are being used.
 
@@ -143,6 +153,8 @@ This might look a little complicated, so let me explain it for you. We start by
 
 This just get us the correct answer though, and we'll need more for gold.
 
+### Solving
+
 Scanning further through the code, we find the `checkSelectedSet` function with some logic in it:
 
 ```js

content/writeups/holiday-hack-challenge/2024/prologue/elf-minder.md

@@ -38,7 +38,7 @@ Let's start off by talking to the elf:
 >
 > The faster you get there, the better your score!
 >
-> I've run into some weirdness with the springs though. If I had created this game it would've been a lot more stable, but I won't comment on that any further.
+> I've run into some weirdness with the springs though. If I had created this game it would've been a lot more stable, but I won't **comment** on that any further.
 
 ## Hints
 
@@ -235,6 +235,12 @@ To test this hypothesis, we can draw a route that follows these rules.
 
 Afterwards, we hit start, and the elf reached the flag!
 
+## Final elf message
+
+> The rest of these elves are like corporate zombos. They just run around in circles unless you give them some direction.
+>
+> Way to pass them some of your super centered energy. Better you than me, though. I'd let them walk themselves straight off the island.
+
 ## Bonus
 
 Here's some nice bonus content. In the level's grid, we can also place paths and entities on corners. Also, the amount of springs if not validated. Of course, we can't do this by hand, we'll have to do it in code.

content/writeups/holiday-hack-challenge/2024/prologue/orientation.md

@@ -36,17 +36,17 @@ Let's start off by talking to the elf:
 >
 > Just kidding! It's actually the 2024 SANS Holiday Hack Challenge!
 >
-> And although we're on Frosty's Beach on Christmas Island, we'll soon be on our way > back to the North Pole.
+> And although we're on Frosty's Beach on Christmas Island, we'll soon be on our way back to the North Pole.
 >
-> I thought it best to wait here for people that heard we're on the Geese Islands but > may not know we're leaving.
+> I thought it best to wait here for people that heard we're on the Geese Islands but may not know we're leaving.
 >
-> I haven't seen Santa since we started packing up, but he always asks me to give a > quick orientation to newcomers, so I'm continuing the tradition.
+> I haven't seen Santa since we started packing up, but he always asks me to give a quick orientation to newcomers, so I'm continuing the tradition.
 >
-> Before you head out any further onto the island, you need to accomplish two simple > tasks.
+> Before you head out any further onto the island, you need to accomplish two simple tasks.
 >
-> But first, here's a parting gift. I packed this snowball made of the magical, > never-melting snow of Christmas Island. A little souvenir to take with you when we > leave for the North Pole.
+> But first, here's a parting gift. I packed this snowball made of the magical, never-melting snow of Christmas Island. A little souvenir to take with you when we leave for the North Pole.
 >
-> Click on the snowball on your avatar. That's where you will see your Objectives, > Hints, resource links, and Conversations for the Holiday Hack Challenge.
+> Click on the snowball on your avatar. That's where you will see your Objectives, Hints, resource links, and Conversations for the Holiday Hack Challenge.
 >
 > Now, click on the Cranberry Pi Terminal and follow the on-screen instructions.
 
@@ -59,3 +59,15 @@ Next the elf there is a "First Terminal", let's open it. At the top we can see a
 {{< figure src="/img/writeups/holiday-hack-challenge/2024/prologue/orientation/terminal.png" title="First Terminal" >}}
 
 Let's follow the instruction and enter the text in the top console. And that's it! We got the gold medal!
+
+## Final elf message
+
+> You're a natural! Something new this year you may not know is that all challenges have an easy and hard mode. There's also story mode, if you want to skip the challenges and watch how our holiday season's adventure unfolds!
+>
+> Your snowball will reflect how you've solved the challenges with the bronze, silver, and gold trophies.
+>
+> Well, that's it, now you're orientated! Feel free to get yourself settled in, establish a cohort with others, or just explore this lovely island. Just be careful where you walk as we are moving around some pretty heavy crates.
+>
+> Oh, while we're preparing everything to set sail for the North Pole, I heard Poinsettia McMittens and Angel Candysalt could use some assistance. I'm sure they'll appreciate any help you can provide!
+>
+> We'll let you know when the boat leaves, but for now relax, enjoy the sun, and most importantly, have FUN!

themes/maik-blog/assets/scss/_main.scss

@@ -24,6 +24,8 @@ html {
 *:before,
 *:after {
     box-sizing: inherit;
+    overflow-wrap: anywhere;
+    word-break: break-word;
 }
 
 body {
@@ -466,11 +468,14 @@ table {
     background: $light-background-secondary;
 
     th {
-        padding: 8px 0px;
+        padding: 8px 4px;
+
+        word-break: normal;
+        overflow-wrap: normal;
     }
 
     td {
-        padding: 6px 0px;
+        padding: 6px 4px;
 
         border-top: 1px solid $light-color-secondary;
     }