WelcomeβοΈ
IntroductionβοΈ
Hello and welcome to my 2023 SANS Holiday Hack Challenge write-up! My name is HijackSecurity and it's my 2nd year completing HHC all the way through (last one was back
in 2018). My main motivation for participating this year was to encourage friends to play the game, as well as challenge myself, and
hopefully write an interesting report to help others learn some new skills or just nudge if you are following along. Huge thanks to the SANS team for creating top-notch CTF, you guys rock! π€π
This year's HHC was awesome - fun, challenging and highly rewarding! The challenges had it all - AI, healthy amount of Azure APIs, SQL injections,
lots of client-side code manipulation (JS breakpoints - what are those), some GameBoy hacking, lock-picking went back to high-school days, JWT's are taking over, practical Java Deserialization exploitation,
casual quick & dirty Python scripting, satellite hacking and the need to think outside the box like every hacking challenge demands. ππ
The write-up is broken down into multiple sections, each containing similarly-themed objectives. Within each objective, there are its request, any relevant hints gathered, my solution, and the final response from whoever given the challenge. To walk through objectives step-by-step, use the "Navigation tip" below. There are also final answers here, the full Holiday Hack story, and a family photo that's photogenic enough for a post card. Besides all this, there is a BONUS! section for a couple of challenges outside of the main story. Enjoy! π π
100-page submission limit
Each year there's a huge number of write-ups that need to be reviewed by the Counter Hack team. To find a good middle ground between preventing information overload and creating a write-up that can stand on its own as a learning resource, some parts, like the navigation tip below, are collapsed by default. Skipping over these will not take away from understanding the overall solution, but feel free to expand them to get some additional information.
Navigation tip
Even with less than 100 pages, there's still quite a bit of information to read through. To make things a little easier, you can use P or , to go to the previous section, N or . to navigate to the next section, and S, F, or / to open up the search dialog.
TL;DR if you keep pressing N or . from this point forward, you'll hit all the content in the right order! 
AnswersβοΈ
1. Holiday Hack Orientation -
Follow Jingle Ringford's instructions to get your bearings at Geese Islands.
2. Snowball Fight -
Beat elves and Santa at Snowball Fight by tinkering with client-side variables and parameters.
3. Linux 101 -
A super cool way to play around with computers is by getting to know Linux command-fu.
4. Reportinator -
Improve the quality of the ChatNPT-generated penetration testing report via the absolute hacker way or by reading with a keen eye.
5. Azure 101 -
Get to know Azure CLI while enumerating Goose Islands' IT infrastructure.
6. Certificate SSHenanigans -
7. Active Directory -
8. Elf Hunt -
Hunt down the elfs by tinkering with JWT token and client-side variables.
9. The Captain's Comms -
10. Luggage Lock -
11. Faster Lock Combination -
12. Game Cartridges: Vol 1 -
13. Game Cartridges: Vol 2 -
14. Game Cartridges: Vol 3 -
15. Linux PrivEsc -
16. Na'an -
Beat cheating Shifty at Card Shuffle by cheating yourself via Python NaN Injection.
17. Hashcat -
18. KQL Kraken Hunt -
19. Phish Detection Agency -
Find all phishing emails using SPF, DKIM and DMARC.
20. Space Island Door Access Speaker -
Open door using AI-generated voice.
21. Camera Access -
22. Missile Diversion -
Save Santa from missile attack by chaining SQL Injection with Java deserialization exploit.
ConclusionβοΈ
Story
Just sit right back and youβll hear a tale,
A tale of a yuletide trip
That started from a tropic port,
Aboard this tiny ship
Santa and his helpful elves
To Geese Islands did go
Continuing their merry work
O'er sand instead of snow
New this year: a shiny tool
The elves logged in with glee
What makes short work of many tasks?
It's ChatNPT. It's ChatNPT
From images to APIs
This AI made elves glad
But motivations were unknown
So was it good or bad?
Could it be that NPT
Was not from off-the-shelf?
Though we'll forgive and trust again
We'd found a naughty elf
This fancy AI tool of ours
With all our work remained
Not good or bad, our online friend
Just did as it was trained
Surely someone's taint must be
Upon our AI crutch
Yes indeed, this bold new world
Bore Jack Frost's icy touch
Though all's returned to steady state
There's one thing that we know
We'll all be needed once again
When Santa's back on snow
Santa @ Resort Lobby
You've done it! You've saved me and my sleigh from Jack Frost's dastardly plan!
I must admit, it's astonishing the lengths Jack will go to in order to try and stop the holiday season.
Even after being banished from Earth, he managed to create an AI to social engineer us into moving our holiday operations to the Geese Islands, putting us right in the path of his satellite.
And to think he even recruited one of my dear elves... I never saw that coming. Oh, Wombley...
But thanks to your incredible efforts, we've proof that Jack violated his parole, and the chances of him interfering with the holidays ever again are all but impossible!
I can't thank you enough for your help in protecting the magic and joy of this special time of year.
I'd like to wish you a most wonderful holiday season, no matter where you may be on Earth or what the weather is like.
Keep that holiday spirit alive, my friend, and remember: a little change now and then can lead to something magical!
Ho ho ho, happy holidays!
Jack Frost @ Resort Lobby
Okay, listen up, yes I've been caught, but let me tell you, my plan was incredible, I mean really incredible.
I and the trolls created ChatNPT, a fantastic AI, and left it behind in the North Pole in 2021 to trick Santa into moving to the Geese Islands. It worked like a charm, perfectly perfect.
My satellite was geostationary, right over the islands to maintain comms with ChatNPT, and Wombley in the gound station. It was genius. Absolute genius, really.
I was reviewing all the prompts as they were sent, and changing the responses in real time thanks to Santa's operation moving to the Geese Islands. This was very smart. Very, very, very smart, very efficient.
And Wombley, the elf, joining me? Easy. He was so easy to convince.
You see, there's a big, big dissent in Santa's ranks, huge.
The elves, they're not happy with Santa.
Mark my words, even if I don't stop Santa, his own elves will.
It's going to be tremendous, this you will see.
Troll @ Resort Lobby
Relax, bub. We're just here for Jack Frost. He broke Frostian and Earth law.
The most important condition of his parole agreement was that heβd never set foot on Earth again.
To evade the missile, his ejection pod landed on Geese Islands, so heβs back on earth, violating the explicit terms of his parole.
Don't care he wouldn't have done it if the missile coordinates weren't tampered with. Rules are rules. Jack's time on Earth is finally up. We're taking him back.
Frostian justice waits for no one. Not even Jack. End of story.
And I just really want to be able to boss him around for a change. Keh heh heh.