![]() ![]() The CSV format is id,created_at,text so I used awk to ignore the first two fields and dump the text:Ī “B”? Sweet it’s ASCII art! No crypto or stego needed :D Scrolling down through the tweet content, it spells out: BUGBOUNTY Instagram Clues The script downloaded the tweets to santawslcaus_tweets.csv. Once I had all that, I modified the script to dump tweets from (not as I first tried - really confused why it wasn’t working): It needs Twitter API credentials, so I created a new Twitter app on to get an API key, API secret, and access token. Then I actually found a public Gist which does exactly what I wanted. I found this great walkthrough about data mining in Twitter using Tweepy. I knew it had to be fairly straightforward to download a user’s tweets. I had heard of Tweepy before but hadn’t used it. But I wasn’t going to give up on step 1, so I figured the first step would be to grab all his tweets and run some frequency analysis and maybe some sort of code will come out of it. When I saw his Twitter account, my heart sank a little since I hate crypto and stego challenges. What is the secret message in Santa’s tweets?. ![]() It pointed to his Twitter and Instagram accounts. I started the the hack challenge by entering the game world and finding my first clue, a business card from Santa: We’re not infallible and we definitely don’t get the solution immediately and in one try. They completely ignore all the buildup and discovery, which are super important parts for pentesters. I’m not a huge fan of solution writeups that just say “here’s the solution, all it takes is this oneliner”. Note: Sorry for the long writeup, but I wanted to try to fully capture my thought process on each of these challenges, and discuss the failures and rabbit holes I went down. So without further ado, here is my write up on solving the SANS Holiday Hack Challenge 2016. All challenges were amazingly well done, and unlike some other CTFs I’ve participated in, they were all based on “real-world” examples and techniques which gave me a chance to practice and hone my skills and learn some new ones. I started on Christmas Eve and after several days of borderline dangerous obsessive completion-compulsion, I had solved all the challenges. I saw some people on Twitter talking about the SANS Holiday Hack Challenge, and decided I would finally give it a try.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
January 2023
Categories |