HACKvent 2015: Day 1
Challenge
Ns ly ns! Hy esy dnmru Yerdg mw xux e parri ser kz epv? Lsv iuy roxhw s nezo g wtoimev xmhnri: Jsth xrk tmmzyvo o'zi lkir rohmxm hsehpc puv cya. Jmbyx cya amvr jmxj mx rohhot sr dni lkiozotx woxzib grh dnir ... knq, ry, lmrn zli sjirdogev oqeqk csexwivl mr dni ayxph gohi gkf. Lk ne lk, tmgo psoo cled? Hyx sz'w xrk xvezl, cya lefk xs nu xlkz! Lezvc enbird, esyby Wexze
Solution
I decode the string above using a Vigenere Cipher solver with the key 'geek' (deduced from frequency analysis).
The message I get is:
ho ho ho! do you think santa is not a funny man at all? for you nerds i have a special riddle: find the picture i've been hiding doubly for you. first you will find it hidden on the hackvent server and then ... ahm, no, find the identical image yourself in the world wide web. ha ha ha, nice joke what? but it's the truth, you have to do that! happy advent, yours santa
The message is pretty clear. First spot I check as a webmaster is /robots.txt (psss go check my websites robots.txt :p). I find 1 disallowed resource which is: /MeMyselfAndI-surfingInTheSky/hacker.jpg
I visit this webpage in my browser and find the picture Santa was hiding, here it is:
Following Santa's clues, I use Google reverse image search to find other images like this on the web.
I find one website with a similar image, namely at: http://hacking-lab.club/
This is what the webpage looks like:
Drat! We are too late, luckily cache is a thing.
You can either check WayBackMachine or Google cache to find a previous state for the webpage.
We inspect the source of the website in Google cache and discover a reference to: /work.jpg
Unfortunately that image is not on the live website but work.png was! (Finding this was just guesswork based on the format of the 'too late' Christmas ball).
This is what work.png looks like:
We scan it to get our flag:
HV15-Tz9K-4JIJ-EowK-oXP1-NUYL