Detailed technical write-up for KRINGLECON 2 CTF by Salaheldin
Please visit https://kringlecon2.salaheldin.online/ to view the writeup.
This is a preview of a very high-quality map of ELF University.
To zoom in and check the details, please download the full-quality version. Click here:
Check the objectives in your badge. You will have the 6 objectives, then unlock new objectives by talking to the elves you find in the university:
Objective | Type | Location | Tools |
---|---|---|---|
0/ Talk to Santa in the Quad | Talk | The Quad | |
1/ Find the Turtle Doves | Explore | The student union | |
2/ Unredact Threatening Document | Explore | The Quad | |
3/ Windows Log Analysis: Evaluate Attack Outcome | Logs Analysis | The event log data | DeepBlueCLI |
4/ Windows Log Analysis: Determine Attacker Technique | Logs Analysis | The normalized Sysmon logs | EQL |
5/ Windows Log Analysis: Determine Compromised System | Logs Analysis | Zeek logs | RITA |
6/ Splunk | SOC | Splunk Server | Splunk |
7/ Get Access To The Steam Tunnels | Multi | Minty's dorm room | Multi |
8/ Bypassing the Frido Sleigh CAPTEHA | Machine Learning | fridosleigh | Python |
9/ Retrieve Scraps of Paper from Server | SQL Injection | Student Portal | Sqlmap |
10/ Recover Cleartext Document | Reverse Engineering | elfscrow app | IDA |
11/ Open the Sleigh Shop Door | Web Dev | Carte | Web Dev |
12/ Filter Out Poisoned Sources of Weather Data | Logs Analysis | SLEIGH ROUTE FINDER API | jq |
As we walk around, we can find various challenges, and as we talk to the elves standing near them, we get some hints.
Challenge | Type | Direct Url | Elf | Location |
---|---|---|---|---|
1 Escape Ed | Ed editor | Link | Bushy Evergreen | The train station |
2 Linux Path | Linux | Link | SugarPlum Mary | The Hermey Hall |
3 Xmas laser cheers | PowerShell | Link | Sparkle Redberry | The Laboratory |
4 Splunk - The training questions | SOC - Splunk | Link | Professor Banas | The Laboratory |
5 Mongo Pilfer | MongoDB | Link | Holly Evergreen | Netwars Room |
6 Nyanshell | Linux Shell | Link | Alabaster Snowball | The Speaker UNpreparedness Room |
7 Frosty Keypad | Keypad | Link | Tangle Coalbox | The Quad |
8 Holiday Hack trail | Web Pentest | Link | Minty Candycane | The Dorm |
9 Get Access To The Steam Tunnels | Key Bitting | Link1 Link2 | Krampus | Minty's Room |
10 Graylog | Log Analysis | Link | Pepper Minstix | The Dorm |
11 Smart Braces | Iptables | Link | Kent Tinseltooth | Student Union |
12 Zeek JSON Analysis | Log Analysis | Link | Wunorse Openslae | Sleigh Shop |
Virtual Machines I used:
- Slingshot from SANS.
Recording terminal: