Welcome⚓︎
Introduction⚓︎
Hi and welcome to my 2020 SANS Holiday Hack Challenge write-up. This is now the third time I've had the privilege of traveling to the North Pole to attend KringleCon and help out Santa and the elves with solving all sorts of hacking shennanigans. It has really become the main CTF event I look forward to with a lot of anticipation each year! 
There's 3 main sections. This page which contains the introduction, answers, and overall narrative. Objectives contains the write-ups for the main objectives for which an answer had to be submitted and Terminal hints has the write-ups for the additional side challenges which provide you with hints to help solve the main objectives.
A few additional things worth pointing out are the reverse shell obtained on the Broken Tag Generator challenge, the large but very much incomplete list of Easter eggs (e.g., Garden Party, the story behind all those landscape paintings, the New Jersy Turnpike exit, Jason is back... twice!), and the custom scripts that helped solve some of the challenges.
Finally, I hope you have as much fun reading this write-up as I had writing it! 
50-page submission limit
Each year there's a huge number of write-ups that need to be reviewed by the SANS and Counter Hack teams. To find a good middle ground between preventing information overload and creating a write-up that can stand on its own as a learning resource some parts, like the navigation tip below, are collapsed by default. Skipping over these will not take away from understanding the overall solution, but feel free to expand them to get some additional information.
Navigation tip
Even with less than 50 pages, there's still quite a bit of information to read through. To make things a little easier, you can use P or , to go to the previous section, N or . to navigate to the next section, and S, F, or / to open up the search dialog.
TL;DR if you keep pressing N or . from this point forward, you'll hit all the content in the right order! 
Answers⚓︎
1. Uncover Santa's Gift List -
2. Investigate S3 Bucket -
3. Point-of-Sale Password Recovery -
4. Operate the Santavator -
Create a working configuration using items found in the castle or bypass the stream.
5. Open HID Lock -
Use lf hid sim -r 2006e22f13 to unlock the door using Shinny Upatree's badge information.
6. Splunk Challenge -
7. Solve the Sleigh's CAN-D-BUS Problem -
8. Broken Tag Generator -
9. ARP Shenanigans -
10. Defeat Fingerprint Sensor -
Use the besanta token. The first thing Tinsel Upatree says is GOSHGOLLY
11a. Naughty/Nice List with Blockchain Investigation Part 1 -
11b. Naughty/Nice List with Blockchain Investigation Part 2 -
fff054f33c2134e0230efb29dad515064ac97aa8c68d33c58c01213a0d408afb
Challenges⚓︎
| Name | Floor | Room | Terminal Hint | Related Objective |
|---|---|---|---|---|
| Jingle Ringford | - | NJTP | - | Uncover Santa's Gift List |
| Shinny Upatree | - | Front Lawn | Kringle Kiosk | Investigate S3 Bucket |
| Sugarplum Mary | 1 | Courtyard | Linux Primer | PoS Password Recovery |
| Sparkle Redberry | 1 | Castle Entry | - | Operate the Santavator |
| Pepper Minstix | - | Front Lawn | Unscape Tmux | Operate the Santavator |
| Ribb Bonbowford | 1 | Dining Room | The Elf C0de | Operate the Santavator |
| Bushy Evergreen | 2 | Talks Lobby | Speaker UNPrep | Open HID Lock |
| Fitzy Shortstack | 1 | Kitchen | 33.6kbps | Open HID Lock |
| Angel Candysalt | 1 | Great Room | - | Splunk Challenge |
| Minty Candycane | 1.5 | Workshop | Sort-o-Matic | Splunk Challenge |
| Wunorse Openslae | R | NetWars Room | CAN-Bus Investigation | CAN-D-BUS Problem |
| Holly Evergreen | 1 | Kitchen | Redis Bug Hunt | Broken Tag Generator |
| Noel Boetie | 1.5 | Wrapping Room | - | Broken Tag Generator |
| Alabaster Snowball | R | NetWars Room | Scapy Prepper | ARP Shenanigans |
| Tinsel Upatree | 3 | Santa's Office | - | Defeat Fingerprint sensor |
| Tangle Coalbox | 1 | Speaker UNPreparedness | Snowball Fight | Naughty/Nice List Part 1 and Part 2 |
Conclusion⚓︎
Narrative
KringleCon back at the castle, set the stage...
But it's under construction like my GeoCities page.
Feel I need a passport exploring on this platform -
Got half floors with back doors provided that you hack more!
Heading toward the light, unexpected what you see next:
An alternate reality, the vision that it reflects.
Mental buffer's overflowing like a fast food drive-thru trash can.
Who and why did someone else impersonate the big man?
You're grepping through your brain for the portrait's "JFS"
"Jack Frost: Santa," he's the villain who had triggered all this mess!
Then it hits you like a chimney when you hear what he ain't saying:
Pushing hard through land disputes, tryin' to stop all Santa's sleighing.
All the rotting, plotting, low conniving streaming from that skull.
Holiday Hackers, they're no slackers, returned Jack a big, old null!
We already knew from last year's narrative and cliffhanger that Jack Frost was in cahoots with the Tooth Fairy, silently working from the shadows. This year we got to unravel his evil plan and actually stop him! Jack Frost not only tried to prevent the expansion of Santa’s Castle but he also gave Santa a magical portrait so he could become him and destroy the holidays! 
Santa
Thank you for foiling Jack’s foul plot!
He sent that magical portrait so he could become me and destroy the holidays!
Due to your incredible work, you have set everything right and saved the holiday season!
Congratulations on a job well done!
Ho Ho Ho!
Jack Frost
My plan was NEARLY perfect... but I never expected someone with your skills to come around and ruin my plan for ruining the holidays!
And now, they’re gonna put me in jail for my deeds.