Alright it looks like Santa’s Sled has an API we can use to determine his location. We need to discover the web server and then find the right API key. It’s an odd number between 0 and 100, the other issue is after so many attempts, our IP address will be banned.
First let’s start off by finding the Port the server is on using Nmap.
nmap -p- -sV -T4 –reason 10.10.47.36
-p- is to scan all ports
-sV is to scan for the services on the open ports
-T4 is how fast you want to scan. T5 is the fastest, but can sometimes produce false positives.
–reason Will tell you why Nmap thinks a port is open or filtered.
Since we will need to make some requests with python let’s install the requests module. https://pypi.org/project/requests/
python3 -m pip install requests
In my case I already had it.
nano api.py
Now let’s write our request code to make the actual request to the website. First we start off with import requests as that’s the module we will need to use. Then let’s create a list of odd numbers between 0 and 100 like the clue tells us. We can do this using the range function and then turn it into a list with the list function. Finally print out items in the list, by using print(first_hundred[0])
we can replace 0 with the items in the list, 0 is the first item in the list which we expect to be 1.
import requests
first_hundred = list(range(1, 100, 2))
print(first_hundred)
print(first_hundred[0])
print(first_hundred[1])
print(first_hundred[2])
print(first_hundred[3])
Now let’s write the code to make the request to the web server.
nano Requests.py
import requests
for api_key in (range(1, 100, 2)):
r = requests.get(f’http://10.10.65.238/api/{api_key}’)
print(api_key)
print(r.text)
python3 Requests.py
That answers the last 2 questions about Santa’s location and the API key. Another day has been complete, thanks for joining me!