Thursday, December 29, 2016

SANS Holiday Hack Challenge 2016 - Tips from the North Pole Elves

Tips from the North Pole Elves

Hello again,
Long time no see.
I was working on the SANS Holiday Hack Challenge and at last I've submitted my write up today, although I couldn't find 2 NetWars coins.

I'll share my solutions once the challenge is over after January 4th.

For now, I want to share the tips that the Elves from the North Pole gave us to help with the challenges.

The Elves in the North Pole give a lot of information and tips about possible vulnerabilities that can be exploited and tools to use.

Me!

·         Alabaster Snowball:

o   Mentions JSON parameter editing
o   Recommends using BurpSuite


·         Holly Evergreen:

o   Once all the Cranberry Pi pieces are found she provides the Cranbian image.

·         Shiny Upatree:

o   Mentions APK files are just ZIP files
o   Recommends JadX-gui to decompile APK
o   Provides a link to download Joshua Wright’s presentation from HackFest 2016 on using Android Studio and JadX

·         Pepper Minstix:

o   Talks about the Meteor Framework and provides a link to the project’s web site.
o   Provides a link to Tim Medin’s blog post about using Tampermonkey and his own Meteor Miner JavaScript to exploit over subscription sharing too much data with Meteor.
o   Provides a link to download an old version of the Dungeon game.

·         Minty Candycane:

o   Mentions NMAP and how the default –sC switch really works well.
o   Mentions John the Ripper and provides a link to download the Rockyou password database for brute forcing.

·         Sugarplum Mary:

o   Mentions how PHP Filters can be used to read all kind of I/O streams.
o   Provides a link to Jeff McJunki’s blog post about exploiting local file inclusion with php filters.  

·         Bushy Evergreen:

o   Mentions apktool to decompile Android apps.
o   Says JadX is great to look at the code but not good for recompiling, but with Apktool, I can modify the smali code and recompile.
o   Reminds to signed recompiled APK files before installing.
o   Provides a link to Joshua Wright’s video about manipulating APK files with apktool.

·         Wunorse Openslae:

o    Mentions how hard it’s been to manage so many SD cards.
o    Provides link to Joshua Wright’s blog post about managing SD card images and how to mount them

The same tips and others are provided in the SantaGram app once you manage to install it and look at the post from elves.

Tip from SantaGram post

Happy Hunting! 🙂

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)