Hints
Hints are a huge help while working your way through the Geese Islands. As you complete tasks some of the elves will give you just the nudge you need. Here are all the hints in no particular order.
Become the Fish
From: Poinsettia McMittens
Objective: 'BONUS! Fishing Guide'
Hint
Perhaps there are some clues about the local aquatic life located in the HTML source code.
SSH Certificates Talk
From: Alabaster Snowball
Objective: 'Certificate SSHenanigans'
Hint
Check out Thomas Bouve's talk and demo to learn all about how you can upgrade your SSH server configuration to leverage SSH certificates.
DMARC, DKIM, and SPF, oh my!
From: Fitzy Shortstack
Objective: 'Phish Detection'
Hint
Discover the essentials of email security with DMARC, DKIM, and SPF at Cloudflare's Guide.
Comms Journal
From: Chimney Scissorsticks
Objective: 'The Captain's Comms'
Hint
I've seen the Captain with his Journal visiting Pixel Island!
Comms JWT Intro
From: Chimney Scissorsticks
Objective: 'The Captain's Comms'
Hint
A great introduction to JSON Web Tokens is available from Auth0.
Gameboy 2
From: Tinsel Upatree
Objective: 'Game Cartridges: Vol 2'
Hint
1) This feels the same, but different! 2) If it feels like you are going crazy, you probably are! Or maybe, just maybe, you've not yet figured out where the hidden ROM is hiding. 3) I think I may need to get a DIFFerent perspective. 4) I wonder if someone can give me a few pointers to swap.
Lock Talk
From: Garland Candlesticks
Objective: 'Luggage Lock Decode'
Hint
Check out Chris Elgee's talk regarding his and his wife's luggage. Sounds weird but interesting!
Outbound Connections
From: Tangle Coalbox
Objective: 'KQL Kraken Hunt'
Hint
Do you need to find something that happened via a process? Pay attention to the ProcessEvents table!
Azure VM Access Token
From: Sparkle Redberry
Objective: 'Certificate SSHenanigans'
Hint
Azure CLI tools aren't always available, but if you're on an Azure VM you can always use the Azure REST API instead.
Synthesis is the True Ending
From: Santa
Objective: ''
Hint
The AI revolution has begun. Some of the most prominent and useful tools born from the advent of powerful AI include ChatGPT, PlayHT, Midjourney, Dall-E 3, Bing AI, and Bard, and Grok.
I Am Become Data
From: Poinsettia McMittens
Objective: 'BONUS! Fishing Guide'
Hint
One approach to automating web tasks entails the browser's developer console. Browsers' console allow us to manipulate objects, inspect code, and even interact with websockets.
KQL Tutorial
From: Tangle Coalbox
Objective: 'KQL Kraken Hunt'
Hint
Once you get into the Kusto trainer, click the blue Train me for the case button to get familiar with KQL.
JWT Secrets Revealed
From: Piney Sappington
Objective: 'Elf Hunt'
Hint
Unlock the mysteries of JWTs with insights from PortSwigger's JWT Guide.
Linux Command Injection
From: Rose Mold
Objective: 'Linux PrivESC'
Hint
Use the privileged binary to overwriting a file to escalate privileges could be a solution, but there's an easier method if you pass it a crafty argument.
Comms Private Key
From: Chimney Scissorsticks
Objective: 'The Captain's Comms'
Hint
Find a private key, update an existing JWT!
Snowball Super Hero
From: Morcel Nougat
Objective: 'Snowball Hero'
Hint
Its easiest to grab a friend play with and beat Santa but tinkering with client-side variables can grant you all kinds of snowball fight super powers. You could even take on Santa and the elves solo!
Consoling iFrames
From: Morcel Nougat
Objective: 'Snowball Hero'
Hint
Have an iframe in your document? Be sure to select the right context before meddling with JavaScript.
MFA: Something You Are
From: Jewel Loggins
Objective: 'Space Island Access Speaker'
Hint
It seems the Access Speaker is programmed to only accept Wombley's voice. Maybe you could get a sample of his voice and use an AI tool to simulate Wombley speaking the passphrase.
Buried Treasures
From: Dusty Giftwrap
Objective: ''
Hint
There are 3 buried treasures in total, each in its own uncharted area around Geese Islands. Use the gameboy cartridge detector and listen for the sound it makes when treasure is nearby, which gets louder the closer you are. Also look for some kind of distinguishing mark or feature, which could mark the treasure's location.
Fishing Machine
From: Poinsettia McMittens
Objective: 'BONUS! Fishing Guide'
Hint
There are a variety of strategies for automating repetative website tasks. Tools such as AutoKey and AutoIt allow you to programmatically examine elements on the screen and emulate user inputs.
File Creation
From: Tangle Coalbox
Objective: 'KQL Kraken Hunt'
Hint
Looking for a file that was created on a victim system? Don't forget the FileCreationEvents table.
Hubris is a Virtue
From: Wombley Cube
Objective: 'Camera Access'
Hint
In his hubris, Wombley revealed that he thinks you won't be able to access the satellite's "Supervisor Directory". There must be a good reason he mentioned that specifically, and a way to access it. He also said there's someone else masterminding the whole plot. There must be a way to discover who that is using the nanosat.
Gameboy 1
From: Dusty Giftwrap
Objective: 'Game Cartridges: Vol 1'
Hint
1) Giving things a little push never hurts. 2) Out of sight but not out of ear-shot 3) You think you fixed the QR code? Did you scan it and see where it leads?
Useful Tools
From: Ribb Bonbowford
Objective: 'Active Directory'
Hint
It looks like Alabaster's SSH account has a couple of tools installed which might prove useful.
Comms Web Interception Proxies
From: Chimney Scissorsticks
Objective: 'The Captain's Comms'
Linux Privilege Escalation Techniques
From: Rose Mold
Objective: 'Linux PrivESC'
Hint
There's various ways to escalate privileges on a Linux system.
Azure Function App Source Code
From: Alabaster Snowball
Objective: 'Certificate SSHenanigans'
Hint
The get-source-control Azure REST API endpoint provides details about where an Azure Web App or Function App is deployed from.
Always Lock Your Computer
From: Wombley Cube
Objective: 'Satellite Ground Station Control Panel'
Hint
Wombley thinks he may have left the admin tools open. I should check for those if I get stuck.
Comms Abbreviations
From: Chimney Scissorsticks
Objective: 'The Captain's Comms'
Hint
I hear the Captain likes to abbreviate words in his filenames; shortening some words to just 1,2,3, or 4 letters.
Uncharted
From: Rose Mold
Objective: ''
Hint
Not all the areas around Geese Islands have been mapped, and may contain wonderous treasures. Go exploring, hunt for treasure, and find the pirate's booty!
Approximate Proximity
From: Dusty Giftwrap
Objective: 'Game Cartridges: Vol 1'
Hint
Listen for the gameboy cartridge detector's proximity sound that activates when near buried treasure. It may be worth checking around the strange toys in the Tarnished Trove.
Gameboy 2
From: Tinsel Upatree
Objective: 'Game Cartridges: Vol 2'
Hint
Try poking around Pixel Island. There really aren't many places you can go here, so try stepping everywhere and see what you get!
Bird's Eye View
From: Angel Candysalt
Objective: 'Game Cartridges: Vol 3'
Hint
The location of the treasure in Rusty Quay is marked by a shiny spot on the ground. To help with navigating the maze, try zooming out and changing the camera angle.
Gameboy 3
From: Angel Candysalt
Objective: 'Game Cartridges: Vol 3'
Hint
1) This one is a bit long, it never hurts to save your progress! 2) 8bit systems have much smaller registers than you’re used to. 3) Isn’t this great?!? The coins are OVERFLOWing in their abundance.