Your Fly Is Open

Netmenaces and Other Internet Stupidity

Grab a wooden stake, we're headed to Skodovia to kill MD5...

2021-03-16 3 min read vulnerabilities

Background: Every few years, I invite about a dozen new and old friends from the security community to my house for a long weekend. We hang out, talk until the wee hours of the morning, and play with interesting high- and low-tech toyz. Good food is eaten and a few adult beverages are consumed. We’ve played with Geissler tubes, high-speed video, AR, VR, robots, and even a vortex cannon that shot three-foot smoke rings the length of my driveway. We have a lot of nerdy fun…

Additionally, each of these gatherings - which have been dubbed “ListonCon” - has started with a group puzzle and ended with a Sooper Sekret Field Trip to somewhere interesting. We’ve had private tours of Yerkes Observatory and Fermilab. We’ve even spent a little time at one of the world’s largest video arcades, the Galloping Ghost Arcade.

Last February, we (Don “Cutaway” Weber, Suzanne Pereira and I - they’re my faithful co-organizers of these events) were talking about possible dates for the summer when we began hearing rumblings about a strange virus outbreak in China. Everyone on earth knows how that turned out… So, while an in-person event was off the table, we pivoted to creating a virtual event instead. To keep the Sooper Sekret Field Trip tradition alive, I decided that I needed to create a Virtual Sooper Sekret Field Trip.

At the same time, I had been thinking about a way to drive a stake through the heart of the MD5 hash - something that is still widely used by lots of folks who should really know better.

Thus, the fictional land of Skodovia was born (it was a rework / extension of a challenge I put together for the SANS Mini Netwars - Mission 1). I originally created and distributed this for the folks who attended the 2020 Virtual ListonCon, but I’m going to just leave it here and not say too much more about it except for these three things:

  • It’s pretty Linux-centric. I apologize to the Windows folks amongst you. Microsoft should, but won’t.
  • The PDF file opens nicely in both Chrome and Okular. If you’re having trouble, try one of those…
  • Sometimes things turn out to be a little more involved than they may seem at first.

Need a hint?

echo 'VHJ5IHRoZSBMaW51eCAnZmlsZScgY29tbWFuZC4K' | base64 -d

Need an additional hint?

echo 'TWFrZSB0aGUgUERGIGV4ZWN1dGFibGUgKGNobW9kICt4IFZpc2l0U2tvZG92aWEucGRmKS4gUnVuIGl0Lgo=' | base64 -d

Visit Skodovia: Come for the people, stay for the wombats.

a sexy, sexy wombat

Download our Informative Brochure

Note: It is absolutely critical that you confirm that the MD5sum of the brochure file is 650c537172de7e559b686100aa3a1c06 before you open it.

You also might want to keep a backup. Just sayin'...