Essential Editor Skills

Cranberry Pi #1
Lobby

Hi, I'm Bushy Evergreen.

I'm glad you're here, I'm the target of a terrible trick.
Pepper says his editor is the best, but I don't understand why.
He's forcing me to learn vi.
He gave me a link, I'm supposed to learn the basics.
Can you assist me with one of the simple cases?

                  ........................................
               .;oooooooooooool;,,,,,,,,:loooooooooooooll:
             .:oooooooooooooc;,,,,,,,,:ooooooooooooollooo:
           .';;;;;;;;;;;;;;,''''''''';;;;;;;;;;;;;,;ooooo:
         .''''''''''''''''''''''''''''''''''''''''';ooooo:
       ;oooooooooooool;''''''',:loooooooooooolc;',,;ooooo:
    .:oooooooooooooc;',,,,,,,:ooooooooooooolccoc,,,;ooooo:
  .cooooooooooooo:,''''''',:ooooooooooooolcloooc,,,;ooooo,
  coooooooooooooo,,,,,,,,,;ooooooooooooooloooooc,,,;ooo,
  coooooooooooooo,,,,,,,,,;ooooooooooooooloooooc,,,;l'
  coooooooooooooo,,,,,,,,,;ooooooooooooooloooooc,,..
  coooooooooooooo,,,,,,,,,;ooooooooooooooloooooc.
  coooooooooooooo,,,,,,,,,;ooooooooooooooloooo:.
  coooooooooooooo,,,,,,,,,;ooooooooooooooloo;
  :llllllllllllll,'''''''';llllllllllllllc,
I'm in quite a fix, I need a quick escape.
Pepper is quite pleased, while I watch here, agape.
Her editor's confusing, though "best" she says - she yells!
My lesson one and your role is exit back to shellz.

-Bushy Evergreen

Exit vi.
Vi Editor Basics hint from Bushy Evergreen
Indiana University Vi Tutorials

Exit vi by entering :q (we are already in command mode).

Afterwards, chat with Bushy Evergreen:

Bushy Evergreen

Wow, it seems so easy now that you've shown me how!
To thank you, I'd like to share some other tips with you.
Have you taken a look at the Orientation Challenge?
This challenge is limited to past SANS Holiday Hack Challenges from 2015, 2016, and 2017. You DO NOT need to play those challenges.
If you listen closely to Ed Skoudis' talk at the con, you might even pick up all the answers you need...
It may take a little poking around, but with your skills, I'm sure it'll be a wintergreen breeze!

details

  • .bashrc - relevant part

    vim .message
    /usr/local/bin/successfulescape

  • .message
  • decompiled successfulescape.py from successfulescape (read about decompilation process in Cranberry Pi hacks)
  • Note how the script checks whether vi is still running (lines 5-13): it looks through /proc for a process whose comm name starts with "vi". This is probably there to prevent solving the challenge by running a command or shell from within vi.
    The source contains this challenge's HMAC key, 2bb6b9c702834095a9c3284e053da124 (used to verify challenge completion).
    Some debugging code is still lingering in the source. There is also some dead code (lines 39, 48-49), probably left over from copy-and-paste programming.

    import json, sys, os, time, signal
    from hashlib import sha256
    import hmac
    
    def checkvimps():
        pids = [pid for pid in os.listdir('/proc') if pid.isdigit()]
        for pid in pids:
            try:
                if open(os.path.join('/proc', pid, 'comm'), 'rb').read()[0:2] == 'vi':
                    return True
            except IOError:
                continue
        return False
    
    
    def calcHmac(secret, resourceId):
        return hmac.new(secret.encode('utf8'), resourceId.encode('utf8'), sha256).hexdigest()
    
    
    def printResponse(hash, resourceId):
        print('#####hhc:%s#####' % json.dumps({'hash': hash, 'resourceId': resourceId}))
    
    
    def signal_handler(signal, frame):
        print('')
        sys.exit(0)
    
    
    def errorandexit(msg2):
        error = "\nI'm very sorry, but we seem to have an internal issue preventing the successful\ncompletion of this challenge. Please email support@holidayhackchallenge.com with\na screen-shot or any other details you can provide. Thank you!\n\n"
        print(error)
        if msg2 != '':
            print(msg2)
        sys.exit(-1)
    
    
    if __name__ == '__main__':
        debuggin = False
        r = None
        signal.signal(signal.SIGINT, signal_handler)
        try:
            RESOURCEID = os.environ.get('RESOURCE_ID')
            if RESOURCEID == '' or RESOURCEID == None:
                errorandexit('Unable to obtain resource ID information.')
            if debuggin:
                print('\nRESOURCEID = ' + RESOURCEID)
            key = '2bb6b9c702834095a9c3284e053da124'
            h = hmac.new(key.encode('utf8'), RESOURCEID.encode('utf8'), sha256)
            payload = {'hash': h.hexdigest(), 'resourceid': RESOURCEID}
            sys.stdout.write('Loading, please wait.')
            sys.stdout.flush()
            for i in range(0, 5):
                if not debuggin:
                    time.sleep(1)
                sys.stdout.write('.')
                sys.stdout.flush()
    
            print('\n')
            if checkvimps() == False:
                hmac256 = calcHmac(key, RESOURCEID)
                printResponse(hmac256, RESOURCEID)
                time.sleep(0.5)
                print('\nYou did it! Congratulations!\n')
            else:
                print('Hmm.  I think vim is still running...')
        except Exception as e:
            errorandexit(str(e))
            sys.exit(0)
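
An added example (not part of the original write-up or of the challenge's own code) of the receiving side of this scheme: it parses the `#####hhc:...#####` marker that printResponse() emits and recomputes the HMAC over the resource ID. How the real backend verifies a completion is not shown on the page; the function names, the sample key and the sample resource ID below are assumptions made for illustration.

```python
import hmac
import json
import re
from hashlib import sha256

# Marker format taken from printResponse() in the decompiled script.
MARKER = re.compile(r"#####hhc:(\{.*?\})#####")
# Constructed sample values, not the challenge's key or a real session id.
SAMPLE_KEY = "00112233445566778899aabbccddeeff"
SAMPLE_RESOURCE_ID = "11111111-2222-3333-4444-555555555555"


def digest_for(key, resource_id):
    """HMAC-SHA256 over the resource id, as calcHmac() computes it."""
    return hmac.new(key.encode("utf8"), resource_id.encode("utf8"), sha256).hexdigest()


def extract_claim(terminal_output):
    """Return the first claim with string 'hash' and 'resourceId', or None."""
    match = MARKER.search(terminal_output)
    if match is None:
        return None
    try:
        claim = json.loads(match.group(1))
    except ValueError:
        return None
    if not isinstance(claim, dict) or not all(
            isinstance(claim.get(k), str) for k in ("hash", "resourceId")):
        return None
    return claim


def verify_claim(claim, key, expected_resource_id):
    """Accept only a claim for this session that carries the right HMAC."""
    if claim is None or claim["resourceId"] != expected_resource_id:
        return False
    expected = digest_for(key, expected_resource_id).encode("ascii")
    # compare_digest runs in constant time, so a mismatch leaks no position.
    return hmac.compare_digest(expected, claim["hash"].encode("utf8"))


def sample_output(key=SAMPLE_KEY, resource_id=SAMPLE_RESOURCE_ID):
    """Constructed terminal output in the shape the script prints."""
    body = json.dumps({"hash": digest_for(key, resource_id), "resourceId": resource_id})
    return "Loading, please wait......\n\n#####hhc:%s#####\n\nYou did it!\n" % body


if __name__ == "__main__":
    print(verify_claim(extract_claim(sample_output()), SAMPLE_KEY, SAMPLE_RESOURCE_ID))
```

Because the key ships inside the binary handed to the player, a check like this proves only knowledge of that key, not that vi was actually exited.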