The purpose of this repository is to host writeups for the SANS Holiday Hack Challenge 2023.
The only writeup to get produced this year though, is a detailed technical description on how to solve the challenge Linux 101, but doing it in a totally unintended way.
It involves exploiting multiple weaknesses in the challenge as well as some reversing. It ends with a root shell and an investigation of how a challenge is being reported as completed. It turns out it is done using specially formatted #####hhc:{}##### strings sent over the websocket associated with the terminal.
Enjoy!
Lars Helgeson (@larshson at discord, GitHub, X, etc.) larshson@gmail.com