SANS Holiday Hack Quest 2015 – 1

SANS released a holiday hacking challenge called “Gnome in Your Home” with challenges spanning reverse engineering, exploitation, auditing, forensics and so on. Before you start, you need to head into the 8-bit game Holiday Hack Quest, which provides both the hints and the files required for these challenges.

Dance of the Sugar Gnome Fairies:

Curious Wireless Packets


Josh provided me with a suspicious wireless packet capture, https://www.holidayhackchallenge.com/2015/giyh-capture.pcap, and needs help analyzing it.
1) Which commands are sent across the Gnome’s command-and-control channel?
2) What image appears in the photo the Gnome sent across the channel from the Dosis home?

The PCAP contains a lot of DNS traffic, and most of it consists of TXT records that carry base64-encoded data.
By decoding a few of them by hand, you can easily see that this is some form of DNS command-and-control (C&C) communication.

But there are way too many TXT records to decode manually, so let's write a script to do it.
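The author's script is not reproduced on this page, so what follows is an added example (not the original write-up's code) that does the same job on raw DNS message bytes: it walks the answer section, pulls out the TXT character-strings, base64-decodes each one and keeps only the strings that look like EXEC:/FILE: commands. The domain c2.example.net, the SPF noise record and the sample messages are constructed for this demo; to run it on the real capture you would feed it the UDP payloads of the DNS responses from the pcap (for example extracted with scapy or dpkt).

```python
import base64
import struct

def _skip_name(msg, off):
    # Advance past a DNS name: labels end with 0x00; a 0xC0 compression pointer is 2 bytes and final.
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def txt_strings(msg):
    # Yield every character-string carried in the TXT answers of one DNS message.
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    off = 12                                     # fixed 12-byte DNS header
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4           # skip QNAME, then QTYPE + QCLASS
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        i = 0
        while rtype == 16 and i < len(rdata):    # TYPE 16 = TXT; rdata = <len><bytes>...
            yield rdata[i + 1:i + 1 + rdata[i]]
            i += 1 + rdata[i]

def c2_commands(messages):
    # Base64-decode each TXT string and keep the EXEC:/FILE: commands; ignore everything else.
    found = []
    for msg in messages:
        for txt in txt_strings(msg):
            try:
                clear = base64.b64decode(txt, validate=True).decode("utf-8", "replace")
            except ValueError:                   # not valid base64, e.g. an ordinary SPF record
                continue
            if clear.startswith(("EXEC:", "FILE:")):
                found.append(clear)
    return found

def build_txt_response(name, txt):
    # Build a minimal DNS TXT response (constructed test data, not bytes from the pcap).
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)   # 1 question, 1 answer
    rdata = bytes([len(txt)]) + txt
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 16, 1, 60, len(rdata)) + rdata
    return header + qname + struct.pack("!HH", 16, 1) + answer

# Constructed sample: three base64-encoded C&C commands plus one plain TXT record as noise.
SAMPLE = [build_txt_response("c2.example.net", base64.b64encode(c.encode())) for c in
          ("EXEC:iwconfig", "EXEC:cat /tmp/iwlistscan.txt", "FILE:/root/Pictures/snapshot_CURRENT.jpg")]
SAMPLE.append(build_txt_response("example.net", b"v=spf1 -all"))
```

On the real capture the FILE: transfer is followed by the base64-encoded file contents, so a practitioner would concatenate the decoded chunks after that command to rebuild the picture for question 2.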


Commands:
EXEC:iwconfig
EXEC:cat /tmp/iwlistscan.txt
FILE:/root/Pictures/snapshot_CURRENT.jpg

