Well….I didn’t win the annual Ed Skoudis and friends Christmas Challenge (http://pen-testing.sans.org/blog/2012/01/26/holiday-challenge-2011-winners-answers) but thought I would share my solution anyway.
Please fell free to sing along…………….
Well now Rudolph was frantic
cause Grandma was missing
The police thought he did it
His iPhone confirmed it.
The GPS on the phone
Matched a jpg showing Grandma’s coat alone.
Rudolph heard little Timothy
interrupt and tell the court.
He had found some evidence
but did not know how to parse it out.
Cupid had mad Wireshark skills
and went right to work.
The first thing that he noticed
was an email and a doc in Word.
The email revealed a secret plan
that Grandma had cooked up.
She planned to frame Rudolph
and topped her insurance up.
The capture showed a fatal flaw
with Santaslist PHP.
Grandma took over MyDNS,
by hacking her some Apache.
Then with trojaned updates
and the DNS manipulation,
SQLite was used to add
the damning CellLocation.
Rudolph was proven innocent.
The Plaza was where they knew,
the police could find Grandma
wearing one red shoe.
BONUS: Extended special live only verse
And so little Timmy Tweeted,
“Network Miner is ‘freein’
Rudolph’s not a flea bitten beast
and for Grandma there’ll be no Caribbean”
