The 2020 edition with even more cyber fun. Wow!
A CTF-like advent calendar that opens a port everyday, starting from port 1. The challenges incorporate different protocols and services ranging from ancient RFCs to bleeding edge technologies. Each port is meant to be solvable rather easily so that it doesn't take too much time.
The 2020 edition of the advent calendar was hosted at xmas.rip. The page contents are in the _website directory.
Each task should run in a Docker container, similar to the previous iteration. An exception are services that require to run on the host system because they are implemented in iptable rules or require specific Kernel features.
Tick the boxes to indicate the service has been implemented. Strikethrough text means challenge is already on the agenda.
-
RFC2965: Implement webapp that requires Cookie2 HTTP header. -
RFC7231: Build a crawler with the From header. -
WebAssembly page with Golang (xmas-webasm) -
gRPC (xmasgreetings) -
DTLS 1.2 -
Webshop Race Conditions (Vouchers ausstellen) WebRace -
HSZF(DoIP)/UDS -
ELF binary with wrong entry point. Prints the flag if entry point is corrected (see ELF folder) -
PCAP_poly PCAP File containg a Polyglot file containing the flag -
xmas-socks -
XMAS Cloud, Demo -
proto: The proto challenge offers the token if you negotiate the correct TLS ALPN protocol. - WireGuard
-
Server which requires to send specific UTF16 strings with correct BOM (xmas-karaoke) -
Image with Red Star OS watermark that includes the flag -
XMAS scan port that only allows packets with FIN, PSH and URG flags set -
NTS: RFC 8915 - Network Time Security (NTS) server (nts) -
SANTAS NAUGHTY LIST is using a strict Content Security Policy to protected against all(?) XSS attacks. -
HELLO XMAS/3.0 is a HTTP/3.0 only server on UDP. -
Santa's Christmas Factory is a web server affected by JavaScript prototype pollution. -
Something with emojis is a small TCP server with a emoji "puzzle/quiz".
The overall challenge will include an Amazon gift card again. Each port has a secret, the SHA256 hash of all secrets combined will be the password for an encrypted text on the website that includes instructions for receiving the gift card. Unfortunately we cannot just include the code of a gift card, because e.g. German gift cards won't work for Amazon Canada.
All keys are available at _challenge/keys.json, the password in _challenge/password. Both have been generated with the _challenge/generate_keys.py script.
Healthstate can be monitored with docker events --filter event=health_status
First one or two ports should be fairly simple to give participants an easy start. The bold and underlined days are 2nd to 4th advents (1st is not in december this year) and they should have special challenges (harder/more complex).
| Port | Challenge | Path |
|---|---|---|
| 1 | A challenge that opens two web ports, port 1 returns a Set-Cookie2 header with a port list that includes 11111. Send cookie to this port in Cookie2 header according to RFC2965. |
xmas-cookie2 |
| 2 | A simple DTLv1.2 server that returns the secret. | dtls |
| 3 | ELF binary with wrong entry point. If entry point is set to the correct one, the flag is printed. Binary is provided via web server. | ELF |
| 4 | xmas-socks is a simple portable parallel secure SOCKS server written in Go. | xmas-socks |
| 5 | A custom TLS server written in Go that returns the flag if you negotiate the correct TLS ALPN protocol. | proto |
| 6 | Web version of VSCode (Monaco editor) which allows to execute OS commands to read and decrypt flag via JavaScript. | XMAS Cloud |
| 7 | PCAP File containg a Polyglot file containing the flag a.k.a as Матрешка (Matreshka). | PCAP_poly |
| 8 | High Speed Fahrzeugzugang (HSFZ) server where user's have to send a proper HSFZ packet that starts the car. | HSFZ |
| 9 | A simple webserver that only shows the flag with a correct Request Context, which has to include a proper From and Referer header. |
xmas-from |
| 10 | A JPG file with a Red Star OS watermark that includes the flag. | redstar |
| 11 | A karaoke service where clients have to reflect song lyrics in the UTF encoding indicated by the returned BOM. | xmas-karaoke |
| 12 | A simple gRPC service where clients have to call the XmasGreeting() function with the xmas name. Protobuf definition will be provided. |
xmasgreetings |
| 13 | WebAssembly page that requires a password. Prints the token with the proper password. | xmas-webasm |
| 14 | A web shop with a race condition vulnerability. | WebRace |
| 15 | A Network Time Security service which returns the token in a NTPv4 Server Negotiation Message. | nts |
| 16 | A simple IP-HTTPS server where a client has to bring up a IP-HTTPS link. | ip-https |
| 17 | A HTTP server that is only accessible via TLS-over-SCTP. | tls-over-sctp |
| 18 | A Rust RPC service. | rustRPC |
| 19 | A HTTP/3-only server on UDP. | http3only |
| 20 | CSP bypass challenge. | santas-naughty-list |
| 21 | Simple FTP server with login and a secret file. | xmas-ftpd |
| 22 | JavaScript type pollution challenge. | Santa's Christmas Factory |
| 23 | TCP server with emoji puzzles/quizzes. | Something with emojis |
| 24 | XMAS scan port that returns the token in a ICMP 13 packet. Can be solved with Nmap XMAS scan and Wireshark. | xmas-tcpflags |