The Internet of Stuff and Things

SANS Holiday Hack Challenge 2025 - Frosty Frostafier Flag: hhc25{Frostify_The_World_c05730b46d0f30c9d068343e9d036f80} Challenge Overview Frosty Frostafier is a multi-stage web application security challenge that combines AI prompt injection, Server-Side Template Injection (SSTI) with filter bypass, steganography, cryptography, and privilege escalation to achieve root access and capture the flag. Attack Chain Summary ┌─────────────────────────────────────────────────────────────────────────────┐ │ 1. AI Chatbot Prompt Injection │ │ └─► Extract admin credentials from AI assistant │ ├─────────────────────────────────────────────────────────────────────────────┤ │ 2. SSTI with Octal Encoding Bypass │ │ └─► Achieve RCE as www-data user │ ├─────────────────────────────────────────────────────────────────────────────┤ │ 3. Pri...

KringleCon 2 - Obj 7 7) Get Access To The Steam Tunnels Difficulty: 🎄🎄🎄 (3/5) Gain access to the steam tunnels. Who took the turtle doves? Please tell us their first and last name. For hints on achieving this objective, please visit Minty's dorm room and talk with Minty Candy Cane. In our way to the dorm to talk to Minty Candy we found a little inconvenience... Tangle Coalbox Hey kid, it's me, Tangle Coalbox. I'm sleuthing again, and I could use your help. Ya see, this here number lock's been popped by someone. I think I know who, but it'd sure be great if you could open this up for me. I've got a few clues for you. One digit is repeated once. The code is a prime number. You can probably tell by looking at the keypad which buttons are used . We are presented with the Key Lock, and we can clearly see that the code consist of 3 numbers, 1,3 and 7 because they are the mostly used on the pad. First we need a list of all permutations wi...

SANS Holiday Hack 2017 1) Visit the  North Pole and Beyond  at the  Winter Wonder Landing  Level to collect the first page of  The Great Book  using a giant snowball. What is the title of that page? About This Book Terminal #1 | \ ' / -- (*) -- >*< >0<@< >>>@<<* >@>*<0<<< >*>>@<<<@<< >@>>0<<<*<<@< >*>>0<<@<<<@<<< >@>>*<<@<>*<<0<*< \*/ >0>>*<<@<>0><<*<@<< ___\\U//___ >*>>@><0<<*>...