Summary of yesterday's ARG events:
The console on Jimenez's admin panel became usable; typing help shows a list of commands.
In the MJimenez email account, there's an email labeled Corrupción de correo electrónico with highlighted text inside it, specifically /ter/. After some hard thinking, people discovered that running about | grep 'ter' returns this text:
Quote:
Open source lightweight shell for any terminal.
Anything with a terminal
1.1.0 - expanded terminal support
The first word of every line of the output is bold and purple, signifying that it is of interest. Put together, they give OpenAnything1.1.0, which is used in the next step below.
Another command available to you is "override". Before applying the override, the console prompts you with three security questions:
Favorite Movie. The answer to the prompt is some like it bot, a movie from the Overwatch universe.
Favorite Cookie Flavor. The answer is nuevas sabor delicias, a flavor referenced in an email in the MJimenez account.
secret. The answer to this prompt is OpenAnything1.1.0.
This returns OK, gives you admin access and enables a new set of commands:
Quote:
ls Lists files by path
cat Read file by path
exec Execute a file
Typing ls lists two files: payload and d_ilqh_nhb.html (the file name is a ROT23 for a_fine_key). Reading the second file with cat d_ilqh_nhb.html gives a text in which ASCII characters are arranged in the shape of a key. Deciphering it using the Affine cipher (A=23, B=23) yields the following string: somekeysareshapedaslocks.index.
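The two ciphers named above belong to the same family: ROT23 is an affine cipher with a=1, b=23. The following is an added example, not part of the original post. It assumes the standard convention E(x) = (a*x + b) mod 26; the function names are hypothetical, and because the key-shaped text is not reproduced on this page, the affine ciphertext is constructed from the plaintext given above.

```python
from math import gcd

M = 26  # size of the Latin alphabet


def _map_letters(text, fn):
    """Apply fn to each letter's index (a=0..z=25); leave other characters alone."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr(base + fn(ord(ch) - base) % M))
        else:
            out.append(ch)
    return "".join(out)


def affine(text, a, b):
    """Forward map x -> (a*x + b) mod 26. ROT-n is the special case a=1, b=n."""
    if gcd(a, M) != 1:
        raise ValueError("a must be coprime with 26 or the mapping is not reversible")
    return _map_letters(text, lambda x: a * x + b)


def affine_inverse(text, a, b):
    """Inverse map y -> a^-1 * (y - b) mod 26."""
    if gcd(a, M) != 1:
        raise ValueError("a must be coprime with 26 or the mapping is not reversible")
    a_inv = pow(a, -1, M)  # modular inverse (Python 3.8+); 17 when a = 23
    return _map_letters(text, lambda y: a_inv * (y - b))


if __name__ == "__main__":
    # File name from the page: applying ROT23 gives the readable name.
    print(affine("d_ilqh_nhb", 1, 23))
    # Constructed sample: encrypt the page's plaintext, then recover it.
    constructed = affine("somekeysareshapedaslocks", 23, 23)
    print(constructed, "->", affine_inverse(constructed, 23, 23))
```

The coprimality check matters because a value of a that shares a factor with 26 (any even number, or 13) maps several letters to the same output, so no inverse exists.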
Simultaneously, typing exec payload presents you with a prompt, the answer to which is the Tracer Trail (from the summer games announcement video months ago!). When entered, you are given a message that looks quite similar to what was previously seen at amomentincrime.com. You are then added to a counter.
Somewhere around the end of the investigation on 10-01-2016, when the counter of people who had executed the payload was nearing or had passed 100, the lumerico.mx home page changed to show "glitches" and the black overlay with a message under the purple skull, while a string <!-- MISDIRECTION --> was also added to the source of the page. The message (translated to English):
Quote:
Good job, folks. I would not have done it without your help. Anyway, I got the resources needed for my next hit - you'll love it.
Expect to hear from me in the coming days...
I'm going to send something to thank you ... Hopefully you can use it.
Dasvidanya friends
Note that Dasvidanya is a phonetic transliteration of до свиданья, a Russian phrase for "goodbye". The thing that Sombra sent as a thank you is probably the Spray of the Dead.
The MISDIRECTION string led to the page https://lumerico.mx/MISDIRECTION/index.html containing (translated again):
Quote:
...Establishing connection...
...Sombra Protocol v2.3 initiated...
...Forwarding the data from the LumériCo ziggurat to the target...
...Deciphering the target passwords...
...Access Granted to the directory of volskayaindustries.com...
...boop ...
...Ending connection...
As of 2016-11-02, the website http://volskayaindustries.com only has a placeholder saying Превышена нагрузка на сервер. Ведётся техобслуживание. (Server is overloaded and is under maintenance).