Santa's Gift-Tracking Service Port Mystery

Difficulty:
Direct link: Santa's Gift-Tracking Service Port Mystery
Area: Near the apartment building
In-game avatar: Yori Kvitchko

Objective

Request

Chat with Yori near the apartment building about Santa's mysterious gift tracker and unravel the holiday mystery.

Yori Kvitchko

I was Ed's lost intern back in 2015, but I was found!
Think you can check out this terminal for me? I need to use cURL to access the gift tracker system, but it has me stumped.
Please see what you can do!

High-Level Steps

1. Recon – Enumerate listening ports and running services.
2. Discovery – Review documentation to identify the correct service access method.
3. Access – Connect to the service port to complete the objective.

flowchart LR

  subgraph Recon
    A[Enumerate listening ports<br/>ss -tlnp]
  end

  subgraph Discovery
    B[Review README.txt<br/>and available tools]
  end

  subgraph Access
    C[Connect to service<br/>via telnet on port 12321]
    D[Objective completed]
  end

  A --> B --> C --> D

Solution

Initial console

Show all the TCP ports and the processes.

ss -tlnp

There is a README.txt which shows all the executables at our disposal.

ls -lah
cat README.txt

We use telnet to connect to port 12321.

telnet 127.0.0.1 12321

We could connect to the port and the objective is completed.

Answer

Solved in the game.

Response

Yori Kvitchko

Great work - thank you!
Geez, maybe you can be my intern now!

Learnings

Sometimes services are exposed on non-standard ports. Scan all ports, interact with all services on those ports.

Prevention & Hardening Notes

1. Don't expose services on non-standard ports.
2. Regularly scan from the outside to know exactly what's exposed.