Posts

Analyzing PCAPs with Claude Code

One of the most practical use cases for Claude Code in security work is rapid PCAP triage. In this post I'll walk through a live session where I asked Claude to analyze a DoublePulsar capture, extract IOCs, and summarize the activity — all from a single prompt.

The Prompt

analyse the /home/demo/7-DoublePulsar.pcap file, extract any IOCs, present a summary of the activity

How Claude Approached It

Claude Code located the file at /home/igor/demo/7-DoublePulsar.pcap and ran a series of tshark commands to build up a picture of the traffic:

IP conversation summary — identified the two hosts and total frame counts
Protocol hierarchy — discovered SMB, NBSS, DCE/RPC, LLMNR, and NBNS
Frame-by-frame analysis — traced the full attack sequence from port scan to exploitation attempt
SMB/445 filter — isolated the exploitation traffic and SMB command sequence
MAC and hostname extraction — pulled NetBIOS names and ARP-derived MACs
DoublePulsar fingerprint check ...

HHC 2025 - Frosty Frostafier

SANS Holiday Hack Challenge 2025 - Frosty Frostafier

Flag: hhc25{Frostify_The_World_c05730b46d0f30c9d068343e9d036f80}

Challenge Overview

Frosty Frostafier is a multi-stage web application security challenge that combines AI prompt injection, Server-Side Template Injection (SSTI) with filter bypass, steganography, cryptography, and privilege escalation to achieve root access and capture the flag.

Attack Chain Summary

1. AI Chatbot Prompt Injection
   └─► Extract admin credentials from AI assistant
2. SSTI with Octal Encoding Bypass
   └─► Achieve RCE as www-data user
3. Pri...

SANS Holiday Hack Challenge 2019

KringleCon 2 - Obj 7

7) Get Access To The Steam Tunnels
Difficulty: 🎄🎄🎄 (3/5)
Gain access to the steam tunnels. Who took the turtle doves? Please tell us their first and last name. For hints on achieving this objective, please visit Minty's dorm room and talk with Minty Candy Cane.

On our way to the dorm to talk to Minty Candy we found a little inconvenience...

Tangle Coalbox: Hey kid, it's me, Tangle Coalbox. I'm sleuthing again, and I could use your help. Ya see, this here number lock's been popped by someone. I think I know who, but it'd sure be great if you could open this up for me. I've got a few clues for you. One digit is repeated once. The code is a prime number. You can probably tell by looking at the keypad which buttons are used.

We are presented with the Key Lock, and we can clearly see that the code consists of 3 digits, 1, 3 and 7, because they are the most used on the pad. First we need a list of all permutations wi...

SANS Holiday Hack 2017

1) Visit the North Pole and Beyond at the Winter Wonder Landing Level to collect the first page of The Great Book using a giant snowball. What is the title of that page?

About This Book
Terminal #1
[ASCII-art Christmas tree banner] ...

Phishing email from "DHL"

*** DON'T TRY THIS AT HOME/WORK ***

Today I got a wonderful phishing email: the attacker sent me a DHL bill for an account I don't have, so that's the first red flag, and the attachment was an HTML file instead of a PDF as stated in the email. So I decided to take a look...

I downloaded the attachment and took a peek from my WSL Linux console. Very interesting:

The HAKWELOTANIYDEK variable contains my email address.
The Stivenkalvin variable has a base64 value that decodes to hXXp://ocbpremium.org/app/loi1hn.php, so this website has probably been hacked and now hosts this PHP creds collector.

BTW, I tried putting HAKWELOTANIYDEK into Google Translate and the best match was a romanization of Arabic.

When trying that URL we get redirected to office.com, probably because we don't have the right parameters to give the PHP, making people think this is a legit website. With curl -L we can follow any redirects; HTTP code 302 indicates a redirection and the Location header tells us where we are goi...