Writeup – SANS Holiday Hack Challenge (Part 4 of 4 – Conclusion)

In this post, we will continue the writeup of the SANS Holiday Hack Challenge, combining our retrieved audio files to reveal the final answers to this challenge.

Part 5

q5

  • Who is the villain behind the nefarious plot. (Dr. Who)
  • Why had the villain abducted Santa? (“Do I look like I’m in my right mind? I’m a madman with a box”)

With the audio files we had retrieved from the previous challenges, it was clear they were intended to be in some manner of order:

q5-audio

I took a gamble and renamed the “debug-” mp3 file to “discombobulatedaudio4.mp3”, and then joined the files in order. As MP3 files are effectively raw data, I just used the “cat” program.

I then opened this joined file into Audacity. Playing the file, it seemed like this was slowed down audio. By using the “Effect / Change Tempo” function, I was able to speed up the file. At about 8 seconds total length, the message became distinct enough:

"Merry Christmas Santa Claus, or as I've always known him, Jeff"

I then spent a little while trying to “say” this to the Audio Discombobulator in-game, when I realized I needed to try this at the final locked door (in the corridor behind Santa’s office). This successfully opens the door, and leads us to the “Clock Tower” area, and the final villain:

final_back_to_2016

This NPC also provides some entertaining (and surprisingly relevant) monologue, which I’ve screenshotted for posterity:

answer_part1 answer_part2

Conclusion

I’d like to thank the SANS team for the effort they have put into setting up this event. Quite clearly, a lot of care and thought went into this event, both in terms of usability, as well as ensuring the target systems remained mostly up for the (very extended) duration of the event – well done.

If I may offer some feedback:

  • Firstly, the ladder was way too long. I tried to work out some way to make travelling faster.
  • Secondly, the network access on the Train console was a nice easter egg. I tried to poke at the back-end (10.240.0.19) server, and in doing so, was able to expand my toolkit of Perl trickery to include a nice one-line netcat substitute. Unfortunately, I was unable to get anything meaningful in the time provided.
  • Thirdly, I’m not sure it was intentional to leak the identity of the final villain and clues to the location of Santa in the web socket traffic sent by the game:I haven’t yet been able to construct something which allows me to directly speak with Santa from anywhere? I assume this is possible? I will experiment further J

About Norman

Sometimes, I write code. Occasionally, it even works.
This entry was posted in Bards, Computers, Jesting and tagged , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s