Objective 4 needs us to retrieve the encrypted ZIP file from the North Pole Git repository “https://git.kringlecastle.com/Upatree/santas_castle_automation” and find the password to open it.
If we have compleated Cranberry Pi terminal challenge by Wunorse Openslae, then we get given a hint which is.
“Thank goodness for command line passwords – and thanks for your help!
Speaking of good ways to find credentials, have you heard of Trufflehog?
It’s a cool way to dig through repositories for passwords, RSA keys, and more.
I mean, no one EVER uploads sensitive credentials to public repositories, right? However, if they did, this would be an excellent tool for finding them.
Listen to me ramble. If you’re interested in Trufflehog, you should check out Brian Hostetler’s talk!
Have you tried the entropy=True option when running Trufflehog? It is amazing how much thicker it digs!”
Also, we get a YouTube link to check out Brian Hostetler’s talk on Trufflehog.
Heading to the GitLab page “https://git.kringlecastle.com/Upatree/santas_castle_automation” we can see many files; we could clone the whole git… However, as the hint suggests we only need to find the ZIP file.
Using the built-in “Find the file” within GitLab were able to locate and download the ZIP file (Well, the only ZIP file).
Moreover, when trying to access the .jpg files, we need a password! We could try and brute force it with a password list. However, this could take days, maybe even weeks?… There are many programs out there some free, i.e. John the ripper, and some that cost money. However, again nothing guaranteed here!
Alternatively, maybe it’s referring too “Known-plaintext attack (ZIP)”ZIP files have a strong encryption algorithm. First, the password isn’t stored anywhere in a password-protected archive. The ZIP archiver converts the password you’ve entered into three 32-bit encryption keys, and then uses them to encrypt the whole archive.” (https://www.elcomsoft.com/help/en/archpr/known_plaintext_attack_(zip).html)
However, let’s not over think all of this! Do you remember the Dev Ops Fail Cranberry Pi terminal challenge by Sparkle Redberry?
Where we check the git project and check the commits to find a password that has removed. Maybe it’s the same thing here. Maybe!
Going back to the GitLab page again, let’s check out the commits made, when scrolling down I notice this one with the “stands out” name called “important update.”
Checking the changes made to “important update”, we. Well, we find the password!
So the answer/password here is Yippee-ki-yay.
Hang on, is this the map for Google Ventilation Maze?