| Objective: Santa's Gift-Tracking Service Port Mystery | Difficulty Level: 1 |
|---|---|
| Chat with Yori near the apartment building about Santa's mysterious gift tracker and unravel the holiday mystery. | Location: Outside the Apartment Building |
Solution Overview
Yori is located in front of Modern Scandinavia with the Santa's Gift-Tracking Machine. Yori tells us that we need to use curl to access the gift tracker system and identify which port the santa_tracker process is running on after the gnomes meddled with the app and changed its port from 8080 to an unknown value.
We use the ss -tlnp command, analogous to a netstat command, and identify port 12321 on the localhost showing activity. curl 127.0.0.1:12321 successfully connects to the service.
| Activity | Primary Tactic | MITRE ATT&CK Technique ID | MITRE ATT&CK Technique Name |
|---|---|---|---|
| Enumerate Listening Ports | Discovery | T1049 | System Network Connections Discovery |
| Identify Process Owner | Discovery | T1057 | Process Discovery |
| Connect to Service | Command and Control | T1071.001 | Application Layer Protocol |
Detailed Solution
Using ss -tlnp as indicated in the terminal's introductory text, we identify the open port 12321 listening on 0.0.0.0. A 0.0.0.0 bind exposes the service to external connections on all network interfaces, loopback included, so a simple curl 127.0.0.1:12321 successfully connects to the gift-tracking service and completes the challenge.
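The same lookup as a reusable check, added here as an example and not part of the challenge terminal or the original write-up: it filters `ss -tlnp` text for one process name and reports the port, whether the bind is loopback-only or on all interfaces, and the PID. The function name `listeners_for` and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `ss -tlnp` output (not captured from the challenge).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128        127.0.0.1:5432       0.0.0.0:*     users:(("postgres",pid=210,fd=5))
LISTEN 0      5            0.0.0.0:12321      0.0.0.0:*     users:(("santa_tracker",pid=42,fd=3))
LISTEN 0      128             [::]:22            [::]:*     users:(("sshd",pid=77,fd=4))'

# listeners_for NAME (hypothetical helper): read `ss -tlnp` text on stdin and
# print "port scope pid" for every listening socket owned by process NAME.
listeners_for() {
    awk -v name="$1" '
        $1 != "LISTEN" { next }                 # skips the header row too
        {
            needle = "(\"" name "\","           # matches ("NAME", in users:(...)
            pos = index($0, needle)
            if (pos == 0) next

            addr = $4                           # Local Address:Port column
            port = addr; sub(/.*:/, "", port)   # text after the last colon
            host = addr; sub(/:[^:]*$/, "", host)

            # Wildcard binds are reachable from every interface.
            scope = "specific"
            if (host == "0.0.0.0" || host == "[::]" || host == "*")
                scope = "all-interfaces"
            else if (host ~ /^127\./ || host == "[::1]")
                scope = "loopback"

            # The pid= field directly follows the matched process name.
            pid = substr($0, pos + length(needle))
            sub(/^pid=/, "", pid); sub(/[^0-9].*/, "", pid)

            print port, scope, pid
        }'
}

# Run against the constructed sample; on a live host use:
#   ss -tlnp | listeners_for santa_tracker
# (without root, ss -p only names processes owned by the current user)
printf '%s\n' "$SAMPLE_SS" | listeners_for santa_tracker
```

A result of `all-interfaces` for a service meant to be local-only is the finding worth acting on: rebind it to 127.0.0.1 or restrict the port at the host firewall.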
Tools Reference
| Tools Used | Tool Version |
|---|---|
| curl | 8.17.0 |
| ss (included as part of the iproute2 package) | 6.18.0 |
Hints Reference
| Provided By | Hint |
|---|---|
| Santa | Since we don't have a web browser to connect to this HTTP service... There is another common tool that you can use from the cli. |
| Yori | Think you can check out this terminal for me? I need to use cURL to access the gift tracker system, but it has me stumped. |
Acknowledgements
| Provided By | Notes |
|---|---|
| none | none |