# Day 14

#### Task 20 — Certificate mismanagement Day 14: Even if we're horribly mismanaged, there'll be no sad faces on SOC-mas!

**1. What is the name of the CA that has signed the Gift Scheduler certificate?**

1. Start the AttackBox and navigate to it.
2. Run the following command, substituting your machine IP: `echo "MACHINE_IP gift-scheduler.thm" >> /etc/hosts`
3. Open `gift-scheduler.thm` in the browser, click the `Advanced` button to expand the warning's details, and click View Certificate.
4. Now you can see the certificate details.

```makefile
Ans: THM
```
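The same check from the command line, as an added example that is not part of the original walkthrough: it reads a certificate's issuer and subject with `openssl`, flags a certificate that no separate CA vouches for, and tests whether it chains to a given CA bundle. The function names and the sample certificate (`scheduler.example`, `Example Org`) are constructed for illustration and are not the room's real certificate.

```shell
#!/usr/bin/env bash
# Added example. Inspect who issued a PEM certificate instead of clicking
# through the browser warning. All names below are hypothetical.

# Print issuer / subject distinguished names in RFC 2253 form.
cert_issuer()  { openssl x509 -in "$1" -noout -issuer  -nameopt RFC2253 | sed 's/^issuer= *//'; }
cert_subject() { openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'; }

# Succeeds when issuer == subject: the certificate vouches for itself.
is_self_issued() { [ "$(cert_issuer "$1")" = "$(cert_subject "$1")" ]; }

# chains_to CA_BUNDLE CERT: succeeds only if CERT verifies against CA_BUNDLE.
chains_to() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# Constructed sample input: a throwaway self-signed certificate.
# make_sample_cert PATH_PREFIX COMMON_NAME -> PATH_PREFIX.pem / PATH_PREFIX.key
make_sample_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/O=Example Org/CN=$2" \
    -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# Run with --demo to see the checks on the constructed certificate.
if [ "${1:-}" = "--demo" ]; then
  tmp=$(mktemp -d)
  make_sample_cert "$tmp/site" "scheduler.example"
  echo "issuer : $(cert_issuer "$tmp/site.pem")"
  echo "subject: $(cert_subject "$tmp/site.pem")"
  if is_self_issued "$tmp/site.pem"; then
    echo "self-issued: no independent CA vouches for this certificate"
  fi
  rm -rf "$tmp"
fi
```

To inspect a live server rather than a file, save the output of `openssl s_client -connect HOST:443 -servername HOST </dev/null` to a file and pass that file to the functions above.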

**2. Look inside the POST requests in the HTTP history. What is the password for the `snowballelf` account?**

1. Open Burp Suite. Once it loads, select `Proxy` (number 1 in the screenshot above), then toggle off the `Intercept on` option (number 2) to prevent users from noticing any delays in the website responses. Finally, open the `Proxy Settings` (number 3) to set a new listener on the AttackBox IP address.
2. Now, turn off the Proxy.
3. Open a terminal and navigate to `/Rooms/AoC2024/Day14` using the following command: `cd /Rooms/AoC2024/Day14`
4. Now run the script using `./route-elf-traffic.sh`
5. In Burp, navigate to the HTTP history tab under Proxy and inspect the requests.

```makefile
Ans: c4rrotn0s3
```

**3. Use the credentials for any of the elves to authenticate to the Gift Scheduler website. What is the flag shown on the elves' scheduling page?**

Log in to the `snowballelf` account.

```css
Ans: THM{AoC-3lf0nth3Sh3lf}
```

**4. What is the password for Marta May Ware's account?**

Check the requests.

```makefile
Ans: H0llyJ0llySOCMAS!
```

**5. Mayor Malware finally succeeded in his evil intent: with Marta May Ware's username and password, he can finally access the administrative console for the Gift Scheduler. G-Day is cancelled! What is the flag shown on the admin page?**

Log in to Marta's account.

```css
Ans: THM{AoC-h0wt0ru1nG1ftD4y}
```


