Skip to main content
  1. Posts/

ActI

·431 words
Table of Contents

cURLing
#

To get silver the commands are fairly simple

curl curlingfun:8080


curl -k https://curlingfun:9090


curl -k https://curlingfun:9090 -d 'skip=alabaster'


curl -k https://curlingfun:9090 -H 'Cookie: end=3'


curl -k https://curlingfun:9090 -I


curl -k https://curlingfun:9090 -H 'Stone: Granite'


curl -k https://curlingfun:9090/../../etc/hacks --path-as-is

And i got the silver medal

But how do we get the gold

curl -k -X POST https://curlingfun:9090 -d 'skip=bow' -H 'Cookie: end=10' -H 'Hack: 12ft'


curl -k https://curlingfun:9090/../../etc/button --path-as-is


curl -k -L https://curlingfun:9090/GoodSportsmanship

Frosty Keypad
#

this is the terminal

this is the note on the terminal

We talk to morel and he tells us about a book we need to find

I found the book over to the right

If we take the note as PAGE:WORD:LETTER it could spell something out

Yep it ends up spelling out S A N T A

Took me a while to figure out how to change santa into numbers and was tryning to use leetspeak and everything but its just old phone number typing

72682

and thats silver

im guessing this is the hint for gold

Found the uv light behind the boxes above the shredder

The uv shoes 2678 but we need a 5 digit password

i think were meant to just brute force it ?

so when we input a wrong password we get this

and when we input the silver password we get this

now how do i get a wordlist with all possible combos of numbers

so i just googled

and the first website was exactly what i needed

https://numbergenerator.org/permutations-and-combinations/list#!numbers=5&lines=5&low=0&high=100&range=2,6,7,8&unique=false&order_matters=true&csv=csv&oddeven=&oddqty=0&sorted=false&sets=&addfilters=

I put in the numbers and then copied the results and pasted them into a txt file and ill use that for my brute forceing

I realised that i need combos like 22222 and i have “2,2,2,2,2” so to fix this in nano i hit replace and replaced “,” with nothing

and that did it

the password is 22786 lets put that in

and thats gold done

Hardware
#

Part 1

Morcel gave me “One Thousand Little Teeny Tiny Shredded Pieces of Paper” which when downloaded was a zip file called shreds.zip with loads of images looking like this

I was so confused on what to do until i noticed the hint

i ran it and got this

i mirror flipped it and got this

lets try putting the options into this machine

now lets watch the console and do the wires

Now for the next part 2 we are inside the SLH ( santa’s little helper) machine and we need to grant acess to card 43 but we dont have the passcode so we need to find it