Jump to content
Main menu
Main menu
move to sidebar
hide
Navigation
Main page
Recent changes
Random page
Help about MediaWiki
Special pages
YawgNetWiki
Search
Search
Appearance
Log in
Personal tools
Log in
Pages for logged out editors
learn more
Contributions
Talk
Editing
Hail Satan SAO 19
(section)
Page
Discussion
English
Read
Edit
View history
Tools
Tools
move to sidebar
hide
Actions
Read
Edit
View history
General
What links here
Related changes
Page information
Appearance
move to sidebar
hide
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
=Hssao12dc= [https://hssao12dc.com/ Hssao12dc] is a domain! The main page doesn't have much going on except the first image but there doesn't seem to be much going on with it. Time to pull from the SAOs: ==lookinthemirror== [https://hssao12dc.com/lookinthemirror LOOKINTHEMIRROR] from the Alienese turned out to be a new page and challenge. * Stego time! ** Using Gimp and some Grain Extraction, we find [http://bit.ly/jesterofdarkness A useless link]. ** But higher levels of grain extraction along with mirroring the image gives a clue rorrimehtnikool * Additionally, there is a file in the image ** Using steghide we find "twistedpath" cat twistedpath thecourtofthejesterofdarkness ==rorrimehtnikool== [https://hssao12dc.com/rorrimehtnikool A URL] of course with another video! * More morse code ** ... .. -..- ** SIX * A classic satanic obfuscation of playing something in reverse has someone speaking: "Resistance is futile, submit your souls to the dark lord, bask in his hatred and torment for all eternity. browse to your path, the gates of peril" ** This was not terribly hard to figure out though it did admittedly take me some time. ** [https://hssao12dc.com/thegatesofperil The Gates of Peril] ** Additionally, during the morse code bit, words flash on the screen that make more sense reversed: "The Jester is a fool add this to his number to enter peril" ==Jester of Darkness== A quick detour to the other URL mentioned from prior: [https://hssao12dc.com/thecourtofthejesterofdarkness This URL] with another image! * This one can be done by simply cat-ing or open the image up in nano/notepad ** At the end of the image file in ASCII: ** "gossipfromthejesterofdarkness" * [https://hssao12dc.com/gossipfromthejesterofdarkness Yet Another URL] ** This one is simply a text hint and not an actual challenge. <pre> You will never enter the gates unless you appending data to your attempts. It's believed the angel Evil whispered this data in Baphomet's ear, but in an archaic form. Convert the data and append it to your attempts if you ever wish to read the ancient texts.</pre> ==The Gates of Peril== [https://hssao12dc.com/thegatesofperil The Gates of Peril] starts off pretty easy but gets tough quick. * Using ROT-21 on the text we find a file for the ancient texts ==Ancient Texts== [https://hssao12dc.com/ancienttexts.zip Zip File] with a password. * To open this, I reviewed the hints from all previous puzzles * The Gates of Peril ** "Cycles must be sacrificed" ** Brute forcing with John confirmed! ** "seek promise in your rock" ** Definitely a reference to the well known rockyou.txt dictionary * The Jester's Gossip ** Includes some key phrases: Archaic Form, Convert, Append ** This hints at the 666 roman numeral from the SAO ** We will need to append this to our password for the zip file * rorrimehtnikool ** From the Morse Code segments we have: ** SIX ** "The Jester is a fool add this to his number to enter peril" ** So we will need to add 6 to our 666 when we append this. Or 672 ===JTR the Zip=== * I made a custom John rule or two since I wasn't sure whether we were doing 6666 or 672. Additionally, due to the misprint on the SAO I wasn't 100% certain it was going to actually be 666 or if it was going to be something different. So I added: Az"[0-9][0-9][0-9]" Az"[0-9][0-9][0-9][0-9]" To a custom ruleset for John and ran it against the zip file using rockyou as my dictionary. I eventually achieved success with fuckyou672 ===PCAP file=== I started by looking removing a lot of stuff that tends to not be helpful in pcap files: * Filter ** !(arp or icmp or dns or tls or tcp.port==443) * This cut a lot of junk out and led to a very interesting tcp stream at 4317 ** An unencrypted email from belial to zagan ** Provides a CLIENT_RANDOM string CLIENT_RANDOM 0B99673F6544001D9A7D760AFE3439747A9D6FA52AFA8EFF8C9D66698B10F8D8 A6387F8A5FB74A73663DA0BF7CBDE526237FB78C99B588411EE68FE6EDDA8A6CF3C683C03CF3A1E06EB8784BB8D4AB05 * Dropping this string into a text file and adding it to Wireshark ** (Pre)-Master-Secret log * Now we can look at TLS and TCP/443 streams! ** Stream at 4060 shows a GET Request of interest to us with the final [https://hssao12dc.com/decryptoroftheancienttexts URL]
Summary:
Please note that all contributions to YawgNetWiki may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see
YawgNetWiki:Copyrights
for details).
Do not submit copyrighted work without permission!
Cancel
Editing help
(opens in new window)
Search
Search
Editing
Hail Satan SAO 19
(section)
Add topic
