Tuesday, January 12, 2016

SANS Holiday Challenge Walkthrough part 3

The /etc/hosts file in the firmware gave us this IP address: 52.2.229.189. In the game we ask Tom, and he answers that yes, it is in scope, just don't cause a DoS. Running a Shodan search against the IP gives us:
It looks like it's an AWS instance with port 80 open running a web service. It has a distinctive header, "X-Powered-By: GIYH::SuperGnome by AtnasCorp", which we can use to search for the other SuperGnomes. Sure enough, Shodan finds several more of them:
  • 52.64.191.71, Sydney, Australia
  • 52.34.3.80, Boardman, United States
  • 52.2.229.189, Ashburn, United States
  • 54.223.105.81, Brazil
  • 52.192.152.132, Tokyo, Japan
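The same header match can be run offline over saved banner data, which is also how you would check your own hosts for a banner this identifying. This is an added example, not part of the original walkthrough: the record shape (`ip` plus raw `data`), the sample banners and the RFC 5737 addresses are constructed, and the case-insensitive value comparison is a choice made here.

```python
from email.parser import Parser

# Constructed sample records: an IP plus the raw response banner as captured.
SAMPLE_BANNERS = [
    {"ip": "192.0.2.10", "data": "HTTP/1.1 200 OK\r\nX-Powered-By: GIYH::SuperGnome by AtnasCorp\r\nContent-Type: text/html\r\n\r\n"},
    {"ip": "192.0.2.11", "data": "HTTP/1.1 200 OK\r\nServer: nginx\r\nX-Powered-By: Express\r\n\r\n"},
    # Header names are case-insensitive and values may carry stray whitespace.
    {"ip": "198.51.100.7", "data": "HTTP/1.1 302 Found\r\nx-powered-by:   giyh::supergnome BY atnascorp \r\nLocation: /login\r\n\r\n"},
    # Not HTTP at all: must be skipped, not mis-parsed.
    {"ip": "203.0.113.5", "data": "SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2\r\n"},
    # The string appears only in the body, so a naive substring match would be wrong.
    {"ip": "203.0.113.9", "data": "HTTP/1.1 200 OK\r\nServer: Apache\r\n\r\n<p>X-Powered-By: GIYH::SuperGnome by AtnasCorp</p>"},
]

FINGERPRINT = "GIYH::SuperGnome by AtnasCorp"  # header value quoted in the post


def parse_headers(banner):
    """Return the parsed header block of a raw HTTP response, or None if not HTTP."""
    head, _, _body = banner.partition("\r\n\r\n")
    status, _, header_text = head.partition("\r\n")
    if not status.startswith("HTTP/"):
        return None
    return Parser().parsestr(header_text, headersonly=True)


def normalize(value):
    """Collapse whitespace and fold case so cosmetic differences do not hide a match."""
    return " ".join(value.split()).casefold()


def hosts_with_fingerprint(records, value=FINGERPRINT):
    """List IPs whose X-Powered-By response header equals the fingerprint."""
    wanted = normalize(value)
    hits = []
    for rec in records:
        headers = parse_headers(rec["data"])
        if headers is None:
            continue
        if any(normalize(v) == wanted for v in headers.get_all("X-Powered-By", [])):
            hits.append(rec["ip"])
    return hits


if __name__ == "__main__":
    print(hosts_with_fingerprint(SAMPLE_BANNERS))
```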
Now we can try to actually log in to the web service running on port 80. Navigating to that IP displays a login screen.
We can then log in with the admin credentials we pulled from the database. And there's the first gnome.conf.
One down, 4 to go.

f3n3s7ra




