Advent of Cyber 2021 — [Day 5] Pesky Elf Forum

“The Elf Forum is where all the elves express their joy and excitement about Christmas, but Grinch Enterprises has one bad admin account, and they’ve installed a plugin that changes all mentions of Christmas to Buttmas!! McSkidy needs to find that admin account and disable the plugin.”

Link to Room: https://tryhackme.com/room/adventofcyber3#

Question #1: What flag did you get when you disabled the plugin?

The challenge starts by directing you to the Elf Forum:

I usually try not to read the official walkthroughs before I do a challenge, but it seems like you need the username and password combo from that section to get logged into the forum.

Though they are actually pretty easy to guess now that I see them…

Username: McSkidy

Password: password

Once logged in you will notice that there is a new settings button for the elf forum:

This will let you change McSkidy’s password. Change it to whatever you want:

After you do that, notice the URL:

Because of the way this is designed, if you were to get someone else to visit this URL, their own password could be changed to “buttmas”. Then you could log into their account and do whatever you want with it.

Choose one of the comment threads.

In the comment field you can leave some JavaScript.

This means that everyone who visits the page will unsuspectingly load the JavaScript, which will request the password change URL from earlier.

After you comment, you will see just a blank spot:

But behind the scenes the script is running:

Now all we do is wait for the Grinch to log in…

After a minute or so, log out and then log back in as the Grinch:

Username: grinch

Password: buttmas

Then head to the settings area. You will see there is a new option to disable his Buttmas plugin prank:

Disable it for your flag!

THM{NO_MORE_BUTTMAS}
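
The chain above works because the password change rides on a plain URL with nothing tied to the session, and because comments are rendered without escaping. As an added example (not the forum's code and not from the room), here is that design next to a hardened handler in Python; the in-memory stores, function names and parameter names are all assumptions made for the sketch.

```python
import hmac
import html
import secrets

SESSIONS = {}   # session id -> {"user", "csrf"}; constructed in-memory store
PASSWORDS = {}  # user -> password; plaintext only to keep the sketch short

def login(user):
    """Open a session that carries its own unpredictable CSRF token."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_hex(32)}
    return sid

def same(a, b):
    """Constant-time string comparison."""
    return hmac.compare_digest(a.encode(), b.encode())

def change_password_weak(sid, method, params):
    """Design the walkthrough relies on: the session cookie alone is enough,
    so a GET issued by any page the victim loads changes the password."""
    PASSWORDS[SESSIONS[sid]["user"]] = params["password"]
    return 200

def change_password_hardened(sid, method, params):
    """POST only, session-bound CSRF token, and proof of the old password."""
    session = SESSIONS.get(sid)
    if session is None:
        return 401
    if method != "POST":
        return 405  # state changes never ride on a plain URL
    if not same(params.get("csrf_token", ""), session["csrf"]):
        return 403  # a request forged from another page lacks the token
    current = PASSWORDS.get(session["user"], "")
    if not same(params.get("current_password", ""), current):
        return 403  # holds even if script in the same origin reads the token
    PASSWORDS[session["user"]] = params["password"]
    return 200

def render_comment(text):
    """Escape on output so a comment is shown as text, never executed."""
    return "<p>" + html.escape(text) + "</p>"
```

Escaping the comment output is what removes the script; the token and the current-password check keep the password change from being triggered by a request the user never meant to send.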

Happy Holidays!❤

CTF Writeups to facilitate cyber education.

Samantha
