Given that the deadline passed, I’ll publish my solution to the Scooby Doo Ethical hacker challenge. In related news (via SANS): the November challenge from packetlife. The deadline is the 20th of November, so hurry up.
Can you figure out who killed Dr. Wilson, and why? I would say it was Dr. Miller. In the partial disk image there was a e-mail saying:
“I know how you’ve been obtaining our passwords to steal the exams
provide them to the students. You’ll see I have the proof in the
attachment. I expect you to resign your position and leave the
University at the end of the semester or I will be forced to
disclose this information and fire you.
The attachment contained a photo of Dr. Miller’s office. In the photo one can see a box of – what I assume is – wireless camera. As the answer to question 2 explains, this was used to steal the exams and Dr. Miller feared for his reputation / position.
How were the passwords stolen to steal the exams? My theory is that using a wireless camera they were either read directly from the monitor, or the camera was used to capture the password as they were typed in.
Can you provide a copy of the cryptography final exam? Can you create an answer key? Foremost extract it from the partial drive image (together the Rick Astley video ;-)). On a sidenote, the email was not extracted by foremost (probably because the headers were badly damaged – for example the headers were entirely gone) and had to be extracted manually and the attachment decoded (for example by using the online Base64 decoder at: http://www.motobit.com/util/base64-decoder-encoder.asp).
The answers are:
The first question (a “shift” cypher with 16 places of shift)
a long time ago, in a galaxy far, far away it is a period of civil war. rebel spaceships, striking from a hidden base, have won their first victory against the evil galactic empire. during the battle, rebel spies managed to steal secret plans to the empire’s ultimate weapon, the death star, an armored space station with enough power to destroy an entire planet. pursued by the empire’s sinister agents, princess leia races home aboard her starship, custodian of the stolen plans that can save her people and restore freedom to the galaxy
The second one I didn’t manage to figure out.
The third one was coded using the Enigma algorithm. Given the specified settings one can use the many available simulators (for example the one at http://enigmaco.de/enigma/enigma.html) and get the decoded result: SOMEBODY SETUP US THE BOMB.
Also, provide some analysis of Velma’s incident handling
process. What did she do right? What should she have done differently?The most important problem is that – because of her not using a writeblocker – it will be hard to prove that the contents of the drive were not changed. Also here actions might have eradicated phisical evidence (fingerprints for example). What she did right was the fact that she imaged the drive and worked on the image, rather than working with the drive.