Write up: 2015 SANS Holiday Hack Challenge – Part 3

Introduction

The SANS Institute regularly creates a Christmas holiday hack challenge.

These challenges are a good way to try out new techniques or grow your knowledge in some new area.

As I get time to tackle the challenges, I will write up my solution and frustrations, and share any techniques that may come in handy for future challenges.

Challenge

Submitted the password obtained from the MongoDB file to Jessica.

Part 3 of the challenge https://holidayhackchallenge.com/

5) What are the IP addresses of the five SuperGnomes scattered around the world, as verified by Tom Hessman in the Dosis neighborhood?

6) Where is each SuperGnome located geographically?

Tom Hessman is in a secret room next to Ed. Ed is in the building behind Lynn.

Jessica mentions something about ‘sho Dan’.

Let’s search for SuperGnomes at

https://www.shodan.io/search?query=supergnome
Showing results 1 - 5 of 5
GIYH::ADMIN PORT V.01
52.192.152.132
ec2-52-192-152-132.ap-northeast-1.compute.amazonaws.com
Amazon.com
Added on 2015-12-14 18:41:32 GMT
Japan, Tokyo
HTTP/1.1 200 OK
X-Powered-By: GIYH::SuperGnome by AtnasCorp
Set-Cookie: sessionid=hF0I22NapgjBDOWNnHQN; Path=/
Content-Type: text/html; charset=utf-8
Content-Length: 2609
ETag: W/"a31-nAsgWMyW71xFDMvQfBUdQw"
Date: Mon, 14 Dec 2015 18:41:29 GMT
Connection: keep-alive

GIYH::ADMIN PORT V.01
52.2.229.189
ec2-52-2-229-189.compute-1.amazonaws.com
Amazon.com
Added on 2015-12-09 21:32:31 GMT
United States, Ashburn
HTTP/1.1 200 OK
X-Powered-By: GIYH::SuperGnome by AtnasCorp
Set-Cookie: sessionid=s6nuccASPPyu18sqVOji; Path=/
Content-Type: text/html; charset=utf-8
Content-Length: 2609
ETag: W/"a31-OGOkFF0jqkiCqPkx06ssVw"
Date: Wed, 09 Dec 2015 21:32:28 GMT
Connection: keep-alive

GIYH::ADMIN PORT V.01
54.233.105.81
ec2-54-233-105-81.sa-east-1.compute.amazonaws.com
Amazon.com
Added on 2015-12-09 21:32:31 GMT
Brazil
HTTP/1.1 200 OK
X-Powered-By: GIYH::SuperGnome by AtnasCorp
Set-Cookie: sessionid=dBe4vF9qzf3KRzvMhOX3; Path=/
Content-Type: text/html; charset=utf-8
Content-Length: 2609
ETag: W/"a31-ViPzOnkT4Luz/Fn1ww80jg"
Date: Wed, 09 Dec 2015 21:32:33 GMT
Connection: keep-alive

GIYH::ADMIN PORT V.01
52.64.191.71
ec2-52-64-191-71.ap-southeast-2.compute.amazonaws.com
Amazon.com
Added on 2015-12-09 21:32:30 GMT
Australia, Sydney
HTTP/1.1 200 OK
X-Powered-By: GIYH::SuperGnome by AtnasCorp
Set-Cookie: sessionid=TVAG3lutgC5jiqa2jKKj; Path=/
Content-Type: text/html; charset=utf-8
Content-Length: 2609
ETag: W/"a31-/gDmdagSwkbxjpd2hl3jEQ"
Date: Wed, 09 Dec 2015 21:32:29 GMT
Connection: keep-alive

GIYH::ADMIN PORT V.01
52.34.3.80
ec2-52-34-3-80.us-west-2.compute.amazonaws.com
Amazon.com
Added on 2015-12-09 21:32:30 GMT
United States, Boardman
HTTP/1.1 200 OK
X-Powered-By: GIYH::SuperGnome by AtnasCorp
Set-Cookie: sessionid=npHZC7JlRGNBTj07h93T; Path=/
Content-Type: text/html; charset=utf-8
Content-Length: 2609
ETag: W/"a31-hpnbKXG/RjF1+aZGuZ77Mg"
Date: Wed, 09 Dec 2015 21:32:28 GMT
Connection: keep-alive

The five IP addresses and their locations are:

52.192.152.132 - Japan, Tokyo

52.2.229.189 - United States, Ashburn

54.233.105.81 - Brazil

52.64.191.71 - Australia, Sydney

52.34.3.80 - United States, Boardman
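All five results carry the same "X-Powered-By: GIYH::SuperGnome by AtnasCorp" header, which is where the search keyword appears in each banner. The following is an added example, not part of the original write-up: a small banner audit a service owner could run on their own responses to see what they disclose. The header list and the function names are assumptions made for the illustration.

```python
# Banner copied from the first search result on this page.
SAMPLE_BANNER = """\
HTTP/1.1 200 OK
X-Powered-By: GIYH::SuperGnome by AtnasCorp
Set-Cookie: sessionid=hF0I22NapgjBDOWNnHQN; Path=/
Content-Type: text/html; charset=utf-8
Content-Length: 2609
"""

# Response headers that commonly name the product behind a service
# (assumed list for this example, not exhaustive).
IDENTIFYING_HEADERS = {"server", "x-powered-by", "x-aspnet-version", "via"}


def parse_headers(banner):
    """Return (lowercased name, value) pairs from a raw HTTP response banner."""
    pairs = []
    for line in banner.splitlines()[1:]:       # skip the status line
        if not line.strip():
            break                               # blank line ends the headers
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def audit_banner(banner, keyword):
    """List headers that identify the product and cookies missing hardening flags."""
    findings = []
    for name, value in parse_headers(banner):
        if name in IDENTIFYING_HEADERS:
            # True when the header alone is enough to match a keyword search.
            matches = keyword.lower() in value.lower()
            findings.append(("identifying-header", name, value, matches))
        elif name == "set-cookie":
            attrs = {a.strip().split("=")[0].lower() for a in value.split(";")[1:]}
            missing = [flag for flag in ("httponly", "secure") if flag not in attrs]
            if missing:
                cookie_name = value.split("=", 1)[0]
                findings.append(("cookie-flags-missing", cookie_name, missing))
    return findings


if __name__ == "__main__":
    for finding in audit_banner(SAMPLE_BANNER, "supergnome"):
        print(finding)
```

A banner with the X-Powered-By header removed and the cookie set with HttpOnly and Secure produces no findings.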

Thank you
