I’ve been working in a computer-related field long enough to be still THRILLED to have the chance to do something hackathon related. Here are my notes from the 2020 Holiday Hack Challenge.
My favourite part of this hackathon were the 3 hens-a-hanging-out. The tasks were difficult for me since I’m a beginner. In the end….I could not crack the Wrapper3000. It’s possible I was getting a faulty result since others reported a different experience.
Best lesson learned: Beginner JavaScripting
Knowledge I expect to be most useful long term: Linux root folder structure
All-in-all I’m going to be hitting the Holiday Hack Challenge in 2021 for sure! Hopefully I’ll have some more new skills by then.
Challenge 1) Uncover Santa’s Gift List
What gift is Santa planning to get Josh Wright. Talk to Jingle Ringford at the bottom of the mountain for advice.
Jewel Loggins – elves can help; pick up objects if you see them laying around; find one near the castle
Finished this challenge….one down!!
Challenge 2) Examine S3 bucket
Can you help me? Santa has been experimenting with new wrapping technology, andwe’ve run into a ribbon-curling nightmare!We store our essential data assets in the cloud, and what a joy it’s been!Except I don’t remember where, and the Wrapper3000 is on the fritz!Can you find the missing package, and unwrap it all the way?
elf@4c676d3aab70:~$
# TIPS- If you need an editor to create a file you can run nano (vim is also available).- Everything you need to solve this challenge is provided in this terminal session.
README bucket_finder.rb wordlistelf@fbe3c183050f:~/bucket_finder$ ./bucket_finder.rb -l out.txt wordlisthttp://s3.amazonaws.com/kringlecastleBucket found but access denied: kringlecastlehttp://s3.amazonaws.com/wrapperBucket found but access denied: wrapperhttp://s3.amazonaws.com/santaBucket santa redirects to: santa.s3.amazonaws.comhttp://santa.s3.amazonaws.com/ Bucket found but access denied: santaelf@fbe3c183050f:~/bucket_finder$ ./bucket_finder.rb -r us -l out.txt wordlisthttp://s3.amazonaws.com/kringlecastleBucket found but access denied: kringlecastlehttp://s3.amazonaws.com/wrapperBucket found but access denied: wrapperhttp://s3.amazonaws.com/santaBucket santa redirects to: santa.s3.amazonaws.comhttp://santa.s3.amazonaws.com/ Bucket found but access denied: santa
____________
< UnicornKim >
————
\
\ \_\_ _/_/
\ \__/
(oo)\_______
(__)\ )\/\
||—-w |
|| ||
After getting access to the bash shell, I found Santa. He didn’t say much….watch for construction.
Could not get root on the Rasp Pi today. Did get to /bin/bash. There are some files in the there that look useful, but not sure how yet.
Talked to Pierre. And the other two chickens. They don’t say much: Hello, Joyeux fettes, Jacques DuGivres!
Next raspberry Pi Unescape Timux:
Need to find the green cheek bird. Found the tmux file
elf@e6b304dc6c73://$ lsbin dev home lib64 mnt proc run srv tmp varboot etc lib media opt root sbin sys usrelf@e6b304dc6c73://$ cd mntelf@e6b304dc6c73://mnt$ lself@e6b304dc6c73://mnt$ cd ..elf@e6b304dc6c73://$ cd srvelf@e6b304dc6c73://srv$ lself@e6b304dc6c73://srv$ cd ..elf@e6b304dc6c73://$ cd tmpelf@e6b304dc6c73://tmp$ lstmux-1000elf@e6b304dc6c73://tmp$ cd tmux-1000elf@e6b304dc6c73://tmp/tmux-1000$ lsdefaultelf@e6b304dc6c73://tmp/tmux-1000$ cd defaultbash: cd: default: Not a directoryelf@e6b304dc6c73://tmp/tmux-1000$ lsdefaultelf@e6b304dc6c73://tmp/tmux-1000$ ls -ls total 00 srw-rw—- 1 elf elf 0 Dec 12 18:05 defaultelf@e6b304dc6c73://tmp/tmux-1000$ cat defaultcat: default: No such device or addresself@e6b304dc6c73://tmp/tmux-1000$ vi defaultbash: vi: command not foundelf@e6b304dc6c73://tmp/tmux-1000$
Piney Sapington: There’s something wrong with Santa. He’s cancelling projects.
Played some Elf Code
Talked to Robb Bonbowford:
Finished the Linus Primer. Sugarplum Mary is asking for help with her point-of sale terminal. It is asking for a password and she never set one. Might be an electron application. Extract ASAR file from binary.
In the kitchen, tried Red’s Bug Hunt – no patience for it today. Will try again later.
Talked to Fitsy Shortstack. Need to make a handshake. The phone number is 756-8347….didn’t get anything to change here
Talked to Sparkle Redberry – to get to the different floors you need to power the various colour receivers. With the key you can look under the panel and see the S4. May be a way to bypass the S4 stream.
Santa portrait: on the Enigma machine: QWERTZUI; A coke zero spelled Ceca Zero; initials on the desk JFS; little bug coloured blue, pink, green orange; an elves legs, a vase; black box with a raspberry pi symbol on it; an S by the left knob; police box – like from Dr Who – with Ts in the stained glass windows; a Kringle Con medal; almost looks like a U or a C could be written on the vase;
Solved the billboard objective
Went to the raspberry pi at the landing area. Checked out the plant menu entry. It says ejm96 by its base.
The S3 bucket: kringlecastle wrapper santa
17DEC2020 – back to the S3 bucket
The talk by the Josh said to try different words. I added to the list of words including Wrapper3000, wrapper3000 (got a tip on that one), SantaClaus, KrisKringle. There is a bucket called wrapper3000 – which had a file called package. I got the file. It looks encrypted.
I’m going to have to go out of here to go look at the tip in my badge again (Argh….shouldda written it down).
The command I need when I come back: ./bucket_finder.rb –download wordlist
Tips I have:
Santa’s Wrapper3000 is pretty buggy. It uses several compression tools, binary to ASCII conversion, and other tools to wrap packages.
Ok….used
File package to find out it’s an ascii file….that only took forever. Like ok, an hour.
Found this command online: awk ‘{ for(i=1;i<=1000;i++) printf(“%c”,$i); print” “; }’ package. When I used it it printed a single U. There’s got to be more to this file than that.
elf@184c19b15657:~/bucket_finder/wrapper3000$ awk ‘{ for(i=0;i<=10;i++) {printf(“%c”,$i); print i;} }’ packageU0U12345678910elf@184c19b15657:~/bucket_finder/wrapper3000$ cat package UEsDBAoAAAAAAIAwhFEbRT8anwEAAJ8BAAAcABwAcGFja2FnZS50eHQuWi54ei54eGQudGFyLmJ6MlVUCQADoBfKX6AXyl91eAsAAQT2AQAABBQAAABCWmg5MUFZJlNZ2ktivwABHv+Q3hASgGSn//AvBxDwf/xe0gQAAAgwAVmkYRTKe1PVM9U0ekMg2poAAAGgPUPUGqehhCMSgaBoAD1NNAAAAyEmJpR5QGg0bSPU/VA0eo9IaHqBkxw2YZK2NUASOegDIzwMXMHBCFACgIEvQ2Jrg8V50tDjh61Pt3Q8CmgpFFunc1Ipui+SqsYB04M/gWKKc0Vs2DXkzeJmiktINqjo3JjKAA4dLgLtPN15oADLe80tnfLGXhIWaJMiEeSX992uxodRJ6EAzIFzqSbWtnNqCTEDML9AK7HHSzyyBYKwCFBVJh17T636a6YgyjX0eE0IsCbjcBkRPgkKz6q0okb1sWicMaky2Mgsqw2nUm5ayPHUeIktnBIvkiUWxYEiRs5nFOM8MTk8SitV7lcxOKst2QedSxZ851ceDQexsLsJ3C89Z/gQ6Xn6KBKqFsKyTkaqO+1FgmImtHKoJkMctd2B9JkcwvMr+hWIEcIQjAZGhSKYNPxHJFqJ3t32Vjgn/OGdQJiIHv4u5IpwoSG0lsV+UEsBAh4DCgAAAAAAgDCEURtFPxqfAQAAnwEAABwAGAAAAAAAAAAAAKSBAAAAAHBhY2thZ2UudHh0LloueHoueHhkLnRhci5iejJVVAUAA6AXyl91eAsAAQT2AQAABBQAAABQSwUGAAAAAAEAAQBiAAAA9QEAAAAA