![]() ![]() of the PDF (page 5 on the brochure) has the brochure challenge banner in this issue with the following Morse Code: Each challenge will end with a different file, so we’ll have 4 files in total. We have file1 now, and we will need the other image files to complete the RAID. The first letter of each word makes an acronym MDADM and, with a simple search, we can determine it refers to mdadm, a Linux software RAID utility. The hint reads “Mister Donut Always Delivers Muffins”. ![]() Remember what comes first as you proceed, though: “Mister Donut Always Delivers Muffins”. The bit.ly link goes to which has the text:Ĭongratulations, you’ve graduated from Starfleet Academy! Before you make Captain, though, you’ll need to solve other challenges to unlock the final piece of this puzzle. We’ve been talking for what, thirty-five years? More?Īs for our normal conversations, here’s my favorite cat video: I can’t believe she’s *still* listening in on our conversations. I’ve encrypted this message so Eve can’t intercept it. Instead, if we return to the Yahoo page containing the Star Trek quotes and look for ones by Bones, we’ll find that the password is “Space is disease and danger wrapped in darkness and silence.” (without the quotes).Įxtracting the zip with that password reveals a supersecret.txt with the following: Unfortunately, these passwords won’t unzip the for_bob.7z file, but again we can save this information for later. Using the filter “tcp.stream eq 35”, we see a short metasploit session: By using “File | Export Objects | SMB/SMB2” in Wireshark, we can export “for_bob.7z”:Īs indicated in the IRC message, this file is encrypted so we need the password. Then, tcp.stream eq 29 contains an SMB file transfer. I’ll encrypt it so Eve won’t take a look this time, though. The filter “tcp.stream eq 28” has another interesting POST we can decode in the same way: That URL will not be needed now, but we’ll take note of it for later. S=75d28bf1d1cc1a104334494b15f1a20f&c=PRIVMSG #memory-alpha :Sheesh, I like this page more than I should. The Text section at the top will now have: Opening the file in Wireshark, there are a few interesting streams:Īpplying a filter of “tcp.stream eq 20” contains the following in a POST request: ![]() Find it, decrypt it, and follow the URL inside.ĭownload this file to answer the question. You have a continuing mission, though – starting with the below question.Īlice has sent Bob an encrypted file. You’ve proven your knowledge of SANS lore. The conferences are SANS FIRE, SANS (in Orlando), and SANS Network Security, which gives the link which redirects to. By looking at the number of classes at each event, we can put together the list. The answer is the same whether you search for training globally or just in North America.įor example, if the three conferences were SANS Rocky Mountain 2014, SANS Security West 2014, and SANS Virginia Beach 2014, the correct URL would be. Which three annual SANS conferences have the most classes being taught? Remove the year and spaces from the conference titles, order the conferences from east to west, then add the three conferences to the end of to generate the next URL. You’ll need to prove your assimilation of knowledge before you can proceed. The challenge is just starting, though, and resistance is futile. Great work! You are a master of MIME encodings. $ echo aHR0cDovL2JpdC5seS8xbHA5ME圆Cg= | base64 -D ![]() The equals signs are usually a giveaway for Base64 encoding, and sure enough we can decode this. of the PDF (page 4 on the brochure) has a small banner on the left side with the following text: The Network Security brochure has the full introduction to the challenge, but the first piece of the challenge is really in the Albuquerque challenge, so I’ll start there. The name will take you to my write up for that brochure and the link goes to the PDF of the brochure. There were 4 brochures shipped in July and August that were the starting points for each of the challenges. It was a fun challenge and there were a few interesting elements (see the QR code embedded in an audio file). I spent a couple hours on them and was able to work my way through everything. Over the course of 4 SANS event brochures, there would be hidden messages and codes and solving each one would lead to a series of other challenges. In July, SANS announced the 2014 SANS Brochure Challenge. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |