- author: IppSec
Explaining the Ad Server in the Sands Holiday Hack Challenge 2016
In this guide, we will discuss how to analyze the ad server in the Sands Holiday Hack Challenge 2016. The answer to this challenge was Xhosa ads North Pole wonderland com. This was found by analyzing the APK file or browsing the website where the answer was coded in the media JavaScript framework.
The Use of WebSockets and DDP
The media JavaScript framework is unique because it depends purely on WebSockets and DDP, the distributed data protocol, and not HTTP GET Sant Post that you may be used to. One of the advantages of using this is that it creates real-time web applications. Whenever we click something, we do see the WebSockets go click out going incoming, thus creating an immediate reaction online. Since it is different than most websites, whenever we try to log in or post, it will not be seen and is all performed in WebSockets.
TamperMonkey Script
Fortunately, for this challenge, a tampermonkey script was already written by Tim Medine that would help us mine data out of media. Firstly, we need to install tampermonkey, and because the Firefox version that comes with Kali is not compatible with it, we need to get a later version of Firefox. This process can be done by visiting the Firefox website and downloading the latest version available. Once installed, we can extract it and then close Firefox. After this, we need to open the Firefox bin file and run Firefox again. We can then install tampermonkey and then the tampermonkey script written by Tim Medine.
Installation
To install Tampermonkey, follow these steps:
- Go to Firefox and search for tampermonkey
- Install tampermonkey
- Go to mining media on github
- Click on the media. js file and copy everything
- Create a new script
- Paste the copied information
- Use the Github URL as the update URL and click save
By following the steps above, we have installed tampermonkey successfully. Now we need to see what happens when we browse the ad server.
Analyzing Data
Once we have installed the tampermonkey script, the next step is to mine data from media. By visiting ads Northport Wonderland com and logging in, we can see media miner pop up telling us interesting information such as the Ralphs, which tells us about in-home quotes. We can see that there are four columns or records, and home quotes have different URLs such as "/admin/quotes," which looks relatively interesting. Since we cannot just click on a record and see the actual data, we will open up Firefox's developer tools by clicking on f12, and then clicking on console followed by home quotes. By entering home quotes dot find dot fetch, we will get the results, and then we can highlight and copy this information. By pasting it back into ads, we can view and analyze the challenge.
Conclusion
In conclusion, the ad server in the Sands Holiday Hack Challenge 2016 used the media JavaScript framework that depended purely on WebSockets and DDP, not HTTP GET Sant Post, to create a real-time web application. With the help of a tampermonkey script written by Tim Medine, it was possible to mine data out of media. Analyzing and understanding this data is essential in solving challenges in the hacking world, and this guide has shown how to do it step-by-step.
About The auther
New Posts
Popular Post
Maximizing Your Slot Machine Winnings: A Guide to Winning Big at the Casino
Maximizing Your Winnings: A High-Limit Slot Machine Expert's Guide
Expert Tips for Winning at Slot Machines
Expert Tips for Winning at Slot Machines
Winning Big on Piggy Banking Slots
Winning Big with Piggy Banking and Eureka Slot Machines
How to Win Big at Slot Machines: Tips and Tricks from an Expert
Maximizing Your Winnings in Slot Machines: Tips and Tricks
How to Win Big at Scarab Slot Machine: Expert Tips and Strategies
How to Make Money Playing Slots: A Step-by-Step Guide