Blog: SANS Penetration Testing

Holiday Challenge 2012: Winners and Answers

Hello Holiday Hackers! Tim Medin, Ed Skoudis, and Tom Hessman here with the official announcement of winners and answers for "The Year Without a Santa... Hack," our annual holiday hacking challenge. If you are unfamiliar with the challenge, you can read it here. We'll keep the challenge and target systems running for a long time, so you can continue to work through it using the answers below if you didn't finish, or, if you did finish, you can dazzle your friends with your awesome skills!

Those of you who completed the challenge hacked your way through the Miser brothers' weather control systems. To warm the North Pole, you hacked Snow Miser's SnowTalk system, cut the chillers, and turned on the heaters in the northern parts of the world. To chill out the South, you hacked Heat Miser's Wonderwarm system, turned off the heaters, and turned on the chillers in the tropical portions of the world, all with the end goal of making it snow in Southtown. Why did we need it to snow?

You see, it hasn't snowed in Southtown in over 100 years, and only an event like this will convince the mayor that Santa is real (and get Vixen released from the dog pound). Once people know Santa is real, and believe in him, Santa will go back to delivering presents for all the good boys and girls around the world. All that needs to be done is to ask the Miser brothers to let it snow in Southtown. Regrettably, these brothers do not get along...at all.

After much bickering between the brothers, Mrs. Claus calls upon Mother Nature to intervene. After we meet Mother Nature, we aren't so surprised that these boys are so kooky. Many mothers wear hats, but not many make a hat out of a bird nest...with birds still in it. The crazy bird lady tells the boys to trade weather: "You let it snow in Southtown, and you allow just one nice spring day at the North Pole." And as all boys do, they listen to their mother...sort of. Instead of making the switch, they turn it into a game. Each is to hack the other and make the weather change.

As the brothers' battle wages on the electronic battlefield, hacking their way through poorly implemented security, a second front is contested as well. A war of words and trash talk takes place on Twitter between the brothers as they attempt to manipulate each other's weather. Just as they nearly complete the challenge, Mother Nature calls for an end to the skirmish and grounds the step-siblings for not following her directions. In the process, she inadvertently destroys the possibility of snow in Southtown.

Fortunately, you, our trusted Santa's helpers, arrived to help save Christmas by making it snow in Southtown. Yup... in this challenge, you were called on to hack pseudo weather industrial control systems so that you could save Christmas! Many of you were able to make it through all the zones and whip up a snowstorm in Southtown and warm weather at the North Pole. The snow in Southtown was enough to convince its residents that there is a Santa. With Santa feeling all the southerly love, he got out of bed and went back to work delivering presents to children worldwide!

On behalf of all the good children of the world, we offer a deep and personal thank you to those challenge participants who saved Christmas. Well done folks... well done.

As part of the task, competitors were asked to document the hacks they used to wrestle control of these systems from these funky-haired brothers. Without further ado, let's move on to the honorable mentions and our winners.

Honorable Mentions:


There were so many fantastic entries that analyzing all the submissions and picking a winner took a good deal of time. It was a labor of love for us, as your creative and deep technical fu shone through in the over 200 entries we received. While the following participants did not get the top prize (or any prize at all), their submissions were among the best and they deserve a special mention. Bragging rights are well earned by these honorable mention designees:

Beau Bullock: For his wonderful photo edit of the Miser brothers talking whilst an elf hacks feverishly in his brilliant write-up.


Mark Johnson-Barbier: For his wonderful verse on SCADA hacking.

Christopher Cole: For trying to find hidden messages. He ran a cracker for 10 days to try to break the hashes or find a hidden message. Tim was going to add a secret message, but he didn't want it to be too easy and he didn't think anyone would let it run that long. Too bad, Christopher and Tim could have exchanged secret weather-related communications.

John Robinson: For putting together a song...and actually singing it! You've gotta check out his Hack Miser Song:

Hack Miser Song

Tom Ueltschi: For submitting a video demoing his script that solves all the levels automatically (Skynet was unavailable for comment), including a slow-motion XOR decryption and gangnam-style tunage. Very cool!

Holiday Challenge 2012 Script

Lukasz Janus: For an off-the-wall submission format using some sort of comic format based on deeply fascinating but hugely disturbed Internet memes. We have no idea how to describe it. It is so oddly beautiful...but mostly odd.

Lukasz Janus Report

Congrats to the honorable mention folks on a job well done.

And now, on to the winners. Remember, we award a prize to the best technical answer, another for the best creative answer that is technically correct, and a third to a random draw winner. Mr. Maestro? Drumroll please...

Technical Winner:


Brian King

Winning Report

Brian's answers were very thorough and well presented (and we got a kick out of the ACM format). He included some excellent screenshots to illustrate the hacks, making it easy for readers to follow along and progress through the levels. One of the things we really wanted to see in the submissions was enhanced edits of the semi-transparent image and the reflected image, and he nailed those beautifully (as did many others). He also included thorough documentation on all the challenges, including helpful screenshots, footnotes, and detailed instructions. His answers are concise yet comprehensive. Beautifully done.

Brian's report is so comprehensive, it is now the official set of answers to the challenge. Everyone congratulate Brian on his job well done. Awesome work, sir!

Creative Winners:


As many of these submissions were in rhyme, we will respond likewise. As Calhoun Tubbs would say, "Wrote a song (rhyme) about it. Like to hear it? Here it goes!"

An Epic Poem Announcing the Epic Creative Winners of Epic-ness for the Epic Holiday Hack

'Twas the hack before Christmas, when all through the house
All the hackers were typing, not using a mouse.
The commands typed swiftly with care,
In hopes that St. Nicholas would someday be there.

Each Miser was nestled all snug in his bed,
Grounded by momma wearing birds on her head.
Tom in his 'kerchief*, and I in my cap,
Had just tested the code for a miser app.

When in my inbox there arose such a clatter,
I sprang from the bed to see what was the matter.
Away to the Windows I flew like a flash,
Click to open the letters and check the spam trash.

The submissions were due and came in a flow.
The winner is in there but where I don't know.
When, what to my wondering eyes should appear,
But a fantastic submission, the winner was clear.

With a little light rhyme, so lively and quick,
I knew in a moment it must be the pick.
We must now announce them and provide them some fame,
And whistle and shout, and call them by name!

Now Alex! Now Don! Now, Officers and Gentlemen!
On red bull and coffee and lots of adrenalin!
They wrote a report! One better than all!
Now applaud away! Applaud away! Applaud away all!

The choice was hard, the excellent were many,
But we had to pick one out of the top twenty.
The answers in verse, and technical to boot,
Winners below, are hard to dispute.

* Truth be told, neither of us has ever seen Tom Hessman wear a kerchief. Heck, we don't even know if he owns one.

CW3 Alex Dierkes and CW3 Don Williams

How the Soldier's Saved Christmas

Random Winner:


And finally, we come to our random draw winner. Using Random.org to generate as random a number as we can easily get, the number mapped to...Sean A. Thomas. Congratulations to Sean!

Recap:


To see the full details of the hack please check out Brian King's winning report. As we mentioned above, we will leave the sites up as long as we can. You can come back anytime and work through the levels. Feel free to use them as a learning environment or as a teaching tool for people new to this field. Or, use them to demonstrate your skills as a way to show off and woo potential mates. Or something.

A few items of note: Using Snow Miser's phone image would allow you to bypass Zones 1 and 2. That is part of the reason why our questions asked you how to get through each zone, and not just for the flags. A few of you pointed that out in your reports, which was nicely done! We were going to remove the bypass, but the webpages on the phone wouldn't have had the same feel as the rest of the site.

Also, a number of you noted that the URLs were posted on junseek.org and could be found via Google. We anticipated something like this happening, but the URLs themselves aren't enough for a winning answer, as we required you to describe the hacks and vulns themselves. Well done on pointing out the issue, and to those who documented it in their submissions. A few of you even noted the three methods of solving Snow Miser levels 1 and 2. Kudos to you for being so thorough!

...and to all a good-night!

Tim Medin, Ed Skoudis, and Tom Hessman, as well as the rest of the Counter Hack team, would like to extend our thanks to all of the participants. You folks worked hard in conquering the challenge, and sent us some awesome answers that were fun, fascinating, clever, deep, quirky, sweet, and in a few circumstances, powerfully disturbing (in a good way... we think). It is truly an honor for us to work on these kinds of challenges. We're planning on doing another one in December 2013, and hope you'll come back to participate in that next adventure.

In the meantime, you may want to check out some of our other challenges. If you are a high school student, check out CyberFoundations, which runs bi-annually, at www.cyberfoundations.org. If you are a college student, check out our (approximately) quarterly CyberQuests, at www.cyberquests.org. If you are an infosec professional, we encourage you to look at NetWars, our most in-depth series of challenges, which many organizations use to train their people. NetWars runs on a continual basis, 24x7, year-round, at www.sans.org/netwars.

Each of the winners (Brian, Alex & Don, and Sean) will receive an autographed copy of Counter Hack Reloaded, by Ed Skoudis & Tom Liston, specially signed to commemorate their amazing accomplishment!

Congrats again to our winners, and HAPPY NEW YEAR to all!

-- Tim Medin, Ed Skoudis, and Tom Hessman
