SANS Holiday Hack 2018: Objective 4: Data Repo Analysis

Objective: Retrieve the encrypted ZIP file from the North Pole Git repository. What is the password to open this file? For hints on achieving this objective, please visit Wunorse Openslae and help him with Stall Mucking Report Cranberry Pi terminal challenge.

Answer: “Yippee-ki-yay”

Analysing North Pole Git repository
Using a standard web browser I visited the GitLab based Git repository:

https://git.kringlecastle.com/Upatree/santas_castle_automation

Using the search functionality I was able to find all the ZIP files in the HEAD of the master branch, I also checked there were no other branches in this repository:

The only ZIP file to be found was: schematics/ventilation_diagram.zip

And attempting to extract this file using 7Zip shows the file is password protected. At this point I started considering brute-forcing the password or looking at ZIP file password attacks.

Though before looking at attacking the ZIP file, I did a bit more searching through the files in the repository. Then a quick manual review of the commits, discovering the following:

This provided us with a possible password: “Yippee-ki-yay”

The ZIP file contents were stored, as these provided maps to the Google Ventilation Challenge, which we had already solved. The maps are in two levels:

1F = Lower Level, where ‘2’ marks the link between levels. Other is start point.

2F = Upper Level, where ‘1’ marks the link between levels. Other is end point.