capture the flag, hacking, owasp

@RealTryHackMe #AdventOfCyber Series: Challenge 4 – Santa’s Running Behind

Another day, another challenge…

In this post, we’re starting a new series the Advent of Cyber series that is hosted by TryHackMe. This is the third year of the Advent of Cyber where a challenge is released everyday leading to Christmas. In total there will be 25 challenges. In these challenges, we’re McSkidy an elf trying to save Christmas.

In our fourth challenge, we’re presented with a scenario where Santa is running behind! We also learned that Santa has been naughty and did not adhere/follow the password requirements. Christmas is in jeopardy, and we need to help Santa get back on track. In this challenge the topics explored are authentication which is used to verify who we are to a system. The most common way to do this is with a username and password, but another technique is to use biometrics which is something that is unique to a person such as their fingerprint and/or retina (eye) scan.

The next topic discussed is fuzzing which is the automated process of finding information. In our case, we’re going to use fuzzing to find Santa’s password to get into the system and view his calendar. With fuzzing, there’s a tool that’s going to be used an interception proxy which intercepts requests before they are sent to the server. Remember the HTTP protocol (which we’re using) relies on requests and responses to communicate.

Can we use the topics above to make sure Santa stays on schedule and deliver the presents on time?

Well… click the below video to find out!

P.S. We also need to have a serious talk with Santa on following the password requirements in the future, so this doesn’t happen again!

If you enjoy my content, buy me a coffee. Link –>

Leave a Reply