Which security scanning tool was utilized by the attacker to fingerprint the blog website? Check the access log file in /Logs/var/log/apache2 Which CVE was exploited by the attacker? CVE-2023-3460 What was the IP Address utilized by the attacker to exploit the CVE? 23.106.60.163 What is the name of the backdoor user added to the blog … Read More “Sherlock Ultimatum write-up” »
Category: Sherlocks
To accurately reference and identify the suspicious binary, please provide its SHA256 hash. When was the binary file originally created, according to its metadata (UTC)? Examining the code size in a binary file can give indications about its functionality. Could you specify the byte size of the code in this binary? It appears that the … Read More “Heartbreaker-Continuum write-up” »
I will walk through Jingle Bell Sherlock. We have a database file. So let’s open it with Sqlite3. sqlite3 wpndatabase.db And let’s see the contents of the database. Ok, I see there is the column called Payload. Which software/application did Torrin use to leak Forela’s secrets? Then you can see Slack is used for communication. … Read More “Hack The Box – Sherlock – Jingle Bell” »
At a glance, what protocol seems to be suspect in this attack? At first glance, I see many DNS protocols. There seems to be a lot of traffic between our host and another, what is the IP address of the suspect host? I filtered it to only see DNS. When I scrolled it down a … Read More “Hack the box – Sherlocks – Litter” »
Analyzing the auth.log, can you identify the IP address used by the attacker to carry out a brute-force attack? We can easily find it in the log file. 65.2.161.68 The brute force attempts were successful, and the attacker gained access to an account on the server. What is the username of this account? We can … Read More “Hack the box – Sherlocks – Brutus” »