• HTB: Cap


    Cap is an easy-difficulty Linux machine running an HTTP server that performs administrative functions, including network captures. Improper controls result in an Insecure Direct Object Reference (IDOR), giving access to another user’s capture. The capture contains plaintext credentials and can be used to gain a foothold. A Linux capability is then leveraged to escalate to root.

    Decided to jump on the horse again and try out some new tools. 10.129.7.12 is the IP address of the machine.


  • SANS Holiday Hack Challenge KringleCon 5 2022


    The 2022 SANS Holiday Hack Challenge Featuring KringleCon 5: Golden Rings! Welcome to this year’s SANS Holiday Hack Challenge! We can’t wait for you to hop in the game and share some holiday cheer as you build vital cybersecurity skills.

    Before you start, we have two urgent messages for you. First, a really big snow storm has struck the North Pole, piling up snow all around Santa’s castle and even blocking the doors. To continue their holiday prep, the elves have burrowed into the snow uncovering many fascinating things below the surface. Second, Santa’s Five Golden Rings are missing! These Rings have magical powers vital to Santa’s holiday operation. We absolutely need your help in finding the Rings, so get ready to embark on five epic quests. Remember to click on the badge in the center of your avatar to track your progress.

    And, one last thing – As you engage with our North Pole team and other players, remember to always treat them with kindness and respect following the Holiday Hack Challenge Code of Conduct and Terms of Use.

    Once you’ve read that code and agree to it, feel free to sign in.

    Happy Holidays from the entire SANS Holiday Hack Challenge team!

    https://2022.kringlecon.com/invite


  • Copy code in Jekyll themes


    Copy code for Jekyll-based themes


  • Aspx Reverse Shell


    Reverse shell for aspx pages:


  • Y0usef 1 Vulnhub Writeup


    Difficulty: Easy

    Goal: Get the root shell, i.e. (root@localhost:~#), and then obtain the flag under /root.

    Information: Your feedback is appreciated - Email: suncsr.challenges@gmail.com

    Tested: VMware Workstation 16.x Pro (This works better with VMware rather than VirtualBox)