Featured image of post KringleCon 2 (2019)

KringleCon 2 (2019)

Detailed technical write-up for KRINGLECON 2 CTF

To read the writeup please visit


๐Ÿ—บ Map

This a preview of a very high quality map for ELF University.

To zoom and check the details please download the full quality. click here:


๐Ÿต Objectives

Check the objectives in your badge, You will have the 6 objectives then unlock new objective by talking to the elves you find in the university:

Objective Type Location Tools
0/ Talk to Santa in the Quad Talk The Quad
1/ Find the Turtle Doves Explore The student union
2/ Unredact Threatening Document Explore The Quad
3/ Windows Log Analysis: Evaluate Attack Outcome Logs Analysis The event log data DeepBlueCLI
4/ Windows Log Analysis: Determine Attacker Technique Logs Analysis The normalized Sysmon logs EQL
5/ Windows Log Analysis: Determine Compromised System Logs Analysis Zeek logs RITA
6/ Spunk SOC Splnuk Server Splunk
7/ Get Access To The Steam Tunnels Multi Minty’s dorm room Multi
8/ Bypassing the Frido Sleigh CAPTEHA Machine Learning fridosleigh Python
9/ Retrieve Scraps of Paper from Server SQL Injection Student Portal Sqlmap
10/ Recover Cleartext Document Reverse Engineering elfscrow app IDA
11/ Open the Sleigh Shop Door Web Dev Carte Web Dev
12/ Filter Out Poisoned Sources of Weather Data Logs Analysis SLEIGH ROUTE FINDER API jq

๐ŸŽ—Helping the elves Challenges

As we walk around, we can find various challenges, and as we talk to the elves standing near them, we get some hints.

Challenge Type Direct Url Elf Location
1 Escape Ed Ed editor Link Bushy Evergreen The train station
2 Linux Path Linux Link SugarPlum Mary The Hermey Hall
3 Xmas laser cheers Powershell Link Sparkle Redberry The Laboratory
4 Splunk - The training questions SOC - Splunk Link Professor Banas The Laboratory
5 Mongo Pilfer MongoDB Link Holly Evergreen Netwars Room
6 Nyanshell Linux Shell Link Alabaster Snowball The Speaker UNpreparedness Room
7 Frosty Keypad Keypad Link Tangle Coalbox The Quad
8 Holiday Hack trail Web Pentest Link Minty Candycane The Dorm
9 Get Access To The Steam Tunnels Key Bitting Link1 Link2 Krampus Minty’s Room
10 Graylog Log Analysis Link Pepper Minstix The Dorm
11Smart Braces Iptables link Kent Tinseltooth Student Union
12 Zeek JSON Analysis Log Analysis Link Wunorse Openslae Sleigh Shop


Virtual Machines I used:

Recording terminal:

Powered by ๐Ÿ Python
Built with Hugo
Theme Stack designed by Jimmy