Home Capture The Flag Write-ups SANS Holiday Hack 2018: Objective 2: Directory Browsing

SANS Holiday Hack 2018: Objective 2: Directory Browsing

Posted on Posted in Capture The Flag Write-ups, SANS Holiday Hack 2018

Objective: Who submitted (First Last) the rejected talk titled Data Loss for Rainbow Teams: A Path in the Darkness? Please analyze the CFP site to find outFor hints on achieving this objective, please visit Minty Candycane and help her with the The Name Game Cranberry Pi terminal challenge.

Answer: John McClane

Analyse CFP Site
Initially visited the site:

  • https://cfp.kringlecastle.com/

Provide two static web pages:

  • https://cfp.kringlecastle.com/index.html
  • https://cfp.kringlecastle.com/cfp/cfp.html

Then checking for directory listings (since objective title suggests) this was found: https://cfp.kringlecastle.com/cfp/

Viewing the “rejected-talks.csv” in notepad or some other sensible tool (not Excel, as it may be malicious – see later posts!!!). We can search for the talk title “Data Loss for Rainbow Teams: A Path in the Darkness”:

And we discover the author was: John McClane