 Hey, what's up YouTube welcome back to another video on crinkle con the sans-hauled a hack challenge 2018 So in the last video, we were just wrapping up objective number two now. Let's check out objective number three So to review we were right in front of Tangle co-box and the lethal forensic elfication terminal challenge Herbie Zimmerman is kind of in the way. So I'm sorry. You can't see that right now But let's check out what Tangle co-box had to say just to review Looks like the terminal challenge is discussing a Linux terminal editor and digital traces that it leave that it left behind Sorry And when we viewed the hint that they actually kind of offered to us it was something regarding VIM artifacts So we open this up and it talks all about in the page that it brings us to the dot VIM info file So it proceeds that the file name is preceded with a dot, right? So it's a hidden file that we would it's stored in our home directory And we can see it when we actually start up this terminal challenge. So let's go do that I'll hit back and hopefully it will bring me back to the game. Perfect. It does. No one is here That's weird. They all disappeared. So let's open up lethal forensic elfication and Looks like Christmas is coming. And so it would seem elf resources crushes elves dreams Find the first name of the elf of whom a love poem was written complete this challenge by submitting that name to run To answer so last time I just ran LS in this directory and there was nothing there except run to answer So it looks like well, there's nothing for us to work with where else could be could we look Use LS tack a to view all the files and you can see we have some Dot bash history which might be interesting to actually check out That's always kind of peculiar in case sometimes we can't see or we can see Turn off bash history sometimes it's kind of interesting to find If you're on a game or terminals are shared to see other players terminal history and check out their bashes rates So you could do if you particularly wanted to anyway We see this dot dot secrets file or that folder there so we can change directory into that and In there we have a folder called her so let's check out that and now we have poem dot text Let's just cat it out so we can see it here poem dot text great So Once upon a slave so wary mortals scrub the grime so dreary weary dreary a Slant run, maybe I just can't read. I don't know anything. I didn't go to school I went to a school, but I didn't go to a good school by any means I Don't want to read all this to you, but it looks like we have it never more Peering through the peephole smiling reaching forward and unlocking never more intense. Oh stalking blah blah blah by his lovely never more So never more is Seemingly something that may be trying to redact some information, right? So again, if we wanted to we could go ahead and check out that dot vim info file So I'm gonna nano that I suppose which I know is ironic. Oh, I don't even have no that sucks Let's use cat and I'll just pipe it to less. I don't have less Wow Thanks docker container. All right, I just had it out. I'll scroll up and let's see what we can work with here There's a lot of stuff, right? There's a lot of nonsense seemingly when you don't look at it But these comments here denoted by the vim info file are good They're they kind of will be self-explanatory and what it is that it's really discussing or what was the last thing that was done So you can see the last substitute search pattern looked like Eleanor is kind of some readable text in there last substitute string. Okay, it looks like never more That's what we had seen in the in the file here command line history newest oldest So save and quit save and quit W is right right and Q is quit as we saw in the editor skills essential editor skills Turmbary pie terminal challenge. So it looks like we read that secret poem earlier And then we tried to substitute with some regex here Eleanor with nevermore. Okay, so we're clearly Successfully running those commands as it's denoted here and then we just wrote to the file and quit So Eleanor is what nevermore was and that looks like that's our answer, right? That's the original name So let's go ahead and run to answer with that information Take some time to load as usual Who was the poem written about Eleanor hit enter and you can see the achievement down there awesome Looks like Eleanor is trying to be spelled out here. Thank you for solving the mystery Reading the info vim info file sure did the trick Cool. So now we can talk to Tangle call box again to try and get some other hints. Thanks for helping me with the investigation You have you been able to solve the lock with the funny shapes? It reminds me of something called the Dibrogen sequence sequences. I don't know. I'm sorry forgive me if I'm saying that wrong. I Just read things you can optimize the guesses because there's no start and stop Each new value is added to the end and the first is removed. I've seen these sequence generators online Huh, here's the length of the alphabet. There are four only four buttons and the length of the pin is four as well Okay, mathematically that means k equals four and n equals four to generate the sequence Math is like your note pattern pencil. You can't leave home without it. Cute. Very cute. I heard alabaster loss is bad It's pretty bad. Do you think someone can do with that? Huh? Okay odd This is the door passcode right here and this is the speaker unpreparedness room Which is what is kind of hinted to us in the hints here So or I'm sorry the objectives if you look at number three when you break in the speaker unpreparedness room What does morsel nugget say if for hints on achieving this? Okay, so we've covered him already The hints that that person gave us tango call box. Yeah Tangle call box gives us a website here with the De Bruin sequence generator I open it up in a new tab So this is one of those online generators that the elf was just discussing right k and n These are the two values for k is the number of is the alphabet right or the number of possible characters It could be in that sequence and a string length of four in this case So that's n so if I were to go back there you you could see this if we clicked on the door passcode These are the four characters that we could enter and it's a four character length passcode Right so four and four and those variables would update or change if you had a different criteria So going to this little generator here We could see if we were to supply k equals four and n equals four hit, okay It's generating the sequence or how it would look because these numbers wrap around right you can see that that would wrap And I'll show that here if I were to go back to it Let's say I added a square a square is added to the end and the triangle that was on the beginning just popped off Right, so it moved around Okay, so Let's go back to this right you can see the table that shows us a more structured version of the sequence So if we were to try these values one of them would eventually be correct because it's wrapping all around You see it's much a much more optimized search than a simple brute force search And we can go ahead and try this if we wanted to what I'm gonna do is actually just put this on my top screen so I can see it and I will just crank through these Okay, sorry the answer was totally visible, but I'll cover this anyway Let's say I wanted to go with zero or zero zero one which is zero zero zero one, right? And then zero zero zero two Sorry, that's stupid One of them was correct and we can go check that out. We can go view Those just what we had done before I had entered zero zero one one in that case and now zero zero one two And then zero looks like that's the correct guess So what that looks like as we're viewing it is zero one two zero And that was the sequence and because it wrapped around just me entering all of those in that sequence was able to find Where that correct one was so now that we've got that unlocked we can walk through the speaker unpreparedness room and Hash browns here. Hey, what's up and I'm more so nugget so he says welcome unprepared speaker excellent So if we were to enter that in our badge Or just the objectives here. It says welcome unprepared speaker Hit enter looks like we've got the green check mark that challenge is done excellent. Okay, so Kind of funny thing, right? I didn't do that through the game didn't do it through Kringle con originally I had tried to do it through Just the static web page on haul to hack challenge calm So they give us a link to a door passcode, which is its own little website here door passcode and dot And I actually looked at this and I didn't want to deal with the de Bruyant sequence or something I thought like oh, this is something that I can brute force So I literally brute-forced all the potential things and never even saw it get the right one But I looked at the source code to this web page and if you actually check it out Yeah, there's a lot of JavaScript here It looks like it does stuff but if you keep scrolling down I noticed hmm There's an image ID equals banner source equals database of victory banner dot PNG Maybe that DB doesn't send for database, but honestly, I looked at this and it's like hmm victory banner It says this image says welcome unprepared speakers. So I type that in and solve that challenge Obviously that took a little to no work Just view the source and open that image up But that's what I had done when I really went through all this although certainly I think learning about this thing the de Bruyant sequence and sorry It's back on my top screen, but you know, we don't need this open anymore. We can kill it That's that that's challenge number three objective number three. So very cool. We're just cruising right through this Before the end of the video, uh, let's go ahead and take a look at the next challenge See what we've got here Actually, let's look at the narrative because we actually haven't taken a look at that in some time As you walk through the gates a familiar red-suited holiday figure warmly welcomes all of the special visitors criminal con great Suddenly all the elves in the castle start looking very nervous You can overhear some of them talking with worry in their voices the toy soldiers who were always gruff Now seem especially determined as they lock all the exterior entrances the building and barricade all the doors No one can get out and the toy soldiers grunts and take on Take on an increasingly sinister tone So those toy soldiers were not that nice and we knew that right when we talked to them They're just kind of jerks So maybe they are sinister and evil hands is watching haunts. How do I say that guy's name? I don't know. I'm not going All right. What do we have next? Let's take a look at our badge and see what it is that is a Objective number four is all about data repo analysis retrieve the encrypted zip file from the north pole get repository What is the password to open this file for hints on achieving this objective? Please visit one horse open sleigh and help them with the stall mucking report Cranberry pie. All right. We saw one horse open sleigh downstairs Cool. Here we are at one horse open sleigh. Let's check out what he has to say. Hello What was that password golly passwords may be the end of all of us good guys can't remember them and bad can't guess them I've got to upload my chore report to my manager's inbox, but I can't remember my password Still with all the automated tasks we use. I bet there's a way to find it in memory. Huh, okay Let's check out what that hint was. I guess I don't know entirely what this Challenge is about. But if we look at the hints here from one horse open sleigh plain text credentials and commands keeping command line passwords out of ps Passwords on the command line visible to ps not in Linux. Hmm 13 ways to make your overall database more secure run a sequel So this is the case where sometimes when people will log into a service or connect to something like sequel or samba or anything They will enter the password in the command that runs it and you can actually visit that Like view that sometimes and windows taskless v will display the username and password on unix the ps command will do the same On the other hand if you run the sequel script like this sequel plus no logs You have to connect system oracle in this oracle script myself and the oracle password will not be visible. That's a good point Linux does not actually have this problem at all. I found that Linux doesn't display the sequel plus username and oracle 9 and 10 Huh are there comments on this? Nope looks like not But looks like that's the idea is being able to see the command line that actually started a program and make that visible to uh While we're looking at it in linux. So let's take a look at what that is The stall mucking report Oh, I hit f11 while I was inside the docker container and it yelled at me So thank you madam or sir for the help that you bring I was wondering how I might rescue my day finished mucking out stalls and all those pulling the sleigh My report is now due where my cringles in a sling I think cringle is something to censor something because that's what that's what all the the when you chat and you type a bad word It replaces it with cringles. So I'm I I think that's funny that they use that here There's a samba share here on the terminal screen What I normally do is to upload the file with our network credentials We've shared for a while when I try to remember my memories clean be it last night's nogmender or just lack of rest Complete this challenge by uploading the else report.txt file to samba share at this location and we have report.txt here Can you check it out? Okay, nothing peculiar or interesting there, but all right That's cool enough of a cliffhanger for the end of this video. Uh, thank you guys for watching We'll tackle this in the next video, but uh, I hope you're enjoying the series. I hope you're having fun with it I certainly am. I love the sans holiday hack challenge and I say that again and again I'll say it until I die or you know My youtube channel dies On that note like comment and subscribe. I'll see you guys in the next video. I love you. Bye