Difficulty: very easy
Theme: Loved the elf & Santa theme
TryHackMe.com released their Christmas hacking challenge today. The event is free for anyone to do and lasts through the month, with a new challenge releasing each day up until Christmas. The challenges are meant to be approachable even for beginners, and despite that, everyone has a chance to win some cool prizes. I'm looking at you, OSCP courses + exam prize.
For day 1, they released a themed room where a hacker has broken into the control console for Santa's workshop and shut down everything. As an elf on Santa's security team, you're supposed to break back into your own system and re-enable everything that was shut down.
This challenge is about cookies: it guides you through manipulating cookies to gain the access you need.
The difficulty for this challenge was very easy, but I enjoyed the theme. Upon first visiting the website to exploit, my instant thought was to deploy Burp Suite and start capturing my session. Of course, Burp Suite is overkill; I enjoyed the puzzle aspect of manually figuring out a way in.
Spoiler, but not a spoiler: you ultimately log in as Santa to fix everything. This makes me wonder why all of the elves were locked out and yet Santa's account was left alone. Was Santa behind the hacker all along?? The hacker was never identified in the information that's passed along to the security person completing the challenge.