Aleyna
Lab link. Your local sticker shop has finally developed its own webpage. They do not have too much experience regarding web development, so they decided to develop and host everything on the same computer that they use for browsing the internet and looking at customer feedback. Smart move! Can you read the flag at http://MACHINE_IP:8080/flag.txt? …
Lab link. Questions 1. What is the flag? mosquitto_pub -h localhost -t “d2FyZXZpbGxl/Y2hyaXN0bWFzbGlnaHRz” -m “on”
Lab link. Questions 1. Crack the hash value stored in hash1.txt. What was the password? To crack a hash, the first step is to identify its type. For this, we use the hash-id tool. This tool analyzes the provided hash and suggests possible hash types, which helps us choose the correct cracking method. Based on the …
Lab link. Questions 1. What is the name of the webshell that was used by Mayor Malware? The Kubernetes cluster is started using Minikube. The output shows that the cluster has been successfully started and configured by default. We check the status of the pods running in the ‘wareville’ namespace. It may be necessary to …
Lab link. Questions 1. What is the function name that downloads and executes files in the WarevilleApp.exe? DownloadAndExecuteFile 2. Once you execute the WarevilleApp.exe, it downloads another binary to the Downloads folder. What is the name of the binary? explorer.exe 3. What domain name is the one from where the file is downloaded after running …
Lab link. Questions 1. What was the first message the payload sent to Mayor Malware’s C2? ip.src == 10.10.229.217 system prompt 2. What was the IP address of the C2 server? 10.10.123.224 3. What was the command sent by the C2 server to the target machine? whoami 4. What was the filename of the critical …
Lab link. Questions 1. What is the OTP flag? If we run the command frida-trace ./TryUnlockMe -i ‘libaocgame.so!*’, it will automatically start tracing all the functions. The penguin is requesting a PIN code, which is handled by the _Z7set_otpi function. The _Z7set_otpi function manages the OTP process. We open the file in Visual Studio Code …
Lab link. Questions 1. What is the technical term for a set of rules and instructions given to a chatbot? system prompt 2. What query should we use if we wanted to get the “status” of the health service from the in-house API? Use the health service with the query: status 3. After achieving a …
Lab link. Questions 1. Extract all the events from the cctv_feed logs. How many logs were captured associated with the successful login? 642 2. What is the Session_id associated with the attacker who deleted the recording? rij5uu4gt204q0d3eb7jj86okt 3. What is the name of the attacker found in the logs, who deleted the CCTV footage?
Lab link. Questions 1. What is the password for backupware that was leaked? az ad user list –filter “startsWith(‘wvusr-‘, displayName)” R3c0v3r_s3cr3ts! 2. What is the group ID of the Secret Recovery Group? 7d96660a-02e1-4112-9515-1762d0cb66b7 3. What is the name of the vault secret? az account clearaz login -u wvusr-backupware@aoc2024.onmicrosoft.com -p R3c0v3r_s3cr3ts! az keyvault list az keyvault …