Monat: Dezember 2022

https://tryhackme.com/room/adventofcyber4

Task 27 [Day 22] Attack Surface Reduction Threats are failing all around me

Frage 1:
Follow the instructions in the attached static site to help McSkidy reduce her attack surface against attacks from the Yeti. Use the flag as an answer to complete the task.

Hier müssen wir die passenden Bausteine den Aussagen zuordnen:

Antwort 1:
THM{4TT4CK SURF4C3 R3DUC3D}

Weiterlesen

https://tryhackme.com/room/adventofcyber4

Task 20 [Day 15] Secure Coding Santa is looking for a Sidekick

Frage 1:
What is the name given to file uploads that allow threat actors to upload any files that they want?

Antwort 1:
unrestricted

Frage 2:
What is the title of the web application developed by Santa’s freelancer?

Antwort 2:
SantaSideKick2

Weiterlesen

https://tryhackme.com/room/adventofcyber4

Task 18 [Day 13] Packet Analysis Simply having a wonderful pcap time

Frage 1:
View the „Protocol Hierarchy“ menu.

What is the „Percent Packets“ value of the „Hypertext Transfer Protocol“?

Wir öffnen die bereitgestellte Datei und Navigieren zu Statistics -> Protocol Hierarchy.

Antwort 1:
0.3

Weiterlesen

https://tryhackme.com/room/adventofcyber4

Task 15 [Day 10] Hack a game You’re a mean one, Mr. Yeti

Frage 1:
What is the Guard’s flag?

Wir folgen der Anleitung im Task und nachdem sich die Tür geöffnet hat sprechen wir mit der Wache.

Antwort 1:
THM{5_star_Fl4gzzz}

Weiterlesen

https://tryhackme.com/room/adventofcyber4

Task 14 [Day 9] Pivoting Dock the halls

Frage 1:
Deploy the attached VM, and wait a few minutes. What ports are open?

Hier hilft uns ein nmap Scan:

└─$ nmap 10.10.109.8                 
Starting Nmap 7.93 ( https://nmap.org ) at 2022-12-14 18:47 CET
Nmap scan report for 10.10.109.8
Host is up (0.047s latency).
Not shown: 999 closed tcp ports (conn-refused)
PORT   STATE SERVICE
80/tcp open  http

Nmap done: 1 IP address (1 host up) scanned in 0.83 seconds

Antwort 1:
80

Frage 2:
What framework is the web application developed with?

Port 80 ist offen, dieser zeigt eine http Seite an. Wir öffnen die SEite in unserem Browser (http://MACHINE_IP:80).

Hier sehen wir, dass Laravel benutzt wird.

Antwort 2:
Laravel

Weiterlesen

https://tryhackme.com/room/adventofcyber4

Task 12 [Day 7] CyberChef Maldocs roasting on an open fire

Frage 1:
What is the version of CyberChef found in the attached VM?

Die Version steht in der Adresszeile des Browsers.

Antwort 1:
9.49.0

Weiterlesen

https://tryhackme.com/room/adventofcyber4

Task 11 [Day 6] Email Analysis It’s beginning to look a lot like phishing

Frage 1:
What is the email address of the sender?

Wir machen einen Rechtsklick auf den Desktop und wählen „Open Terminal“, dann geben wir unseren Befehl ein:

ubuntu@ip-10-10-136-88:~/Desktop$ emlAnalyzer -i Urgent:.eml --header --html -u --text --extract-all
 ==============
 ||  Header  ||
 ==============
X-Pm-Content-Encryption.....end-to-end
X-Pm-Origin.................internal
Subject.....................Urgent: Blue section is down. Switch to the load share plan!
From........................Chief Elf <chief.elf@santaclaus.thm>
Date........................Tue, 6 Dec 2022 00:00:01 +0000
Mime-Version................1.0
Content-Type................multipart/mixed;boundary=---------------------03edd9c682a0c8f60d54b9e4bb86659f
To..........................elves.all@santaclaus.thm <elves.all@santaclaus.thm>
X-Attached..................Division_of_labour-Load_share_plan.doc
Message-Id..................<QW9DMjAyMl9FbWFpbF9BbmFseXNpcw==>
X-Pm-Spamscore..............3
Received....................from mail.santaclaus.thm by mail.santaclaus.thm; Tue, 6 Dec 2022 00:00:01 +0000
X-Original-To...............elves.all@santaclaus.thm
Return-Path.................<murphy.evident@bandityeti.thm>
Delivered-To................elves.all@santaclaus.thm

 =========================
 ||  URLs in HTML part  ||
 =========================
[+] No URLs found in the html

 =================
 ||  Plaintext  ||
 =================
[+] Email contains no plaintext

 ============
 ||  HTML  ||
 ============
<span>Dear Elves,</span><div><br></div><div><span>Due to technical problems in the blue section of our toy factory, we are having difficulties preparing some toys. </span></div><div><br></div><div><span>There
 are a few days left to Christmas, so we need to use time efficiently to
 prepare every wishlist we receive. Due to that, the blue section's 
workload is shared with the rest to avoid any toy production delay.</span></div><div><br></div><div><span>The detailed division of labour is included in the attached document.</span></div><div><br></div><div><span>Good luck to you all.</span></div><div><br></div><div><b><span>Chief Elf</span></b></div><div><br></div>

 =============================
 ||  Attachment Extracting  ||
 =============================
[+] Attachment [1] "Division_of_labour-Load_share_plan.doc" extracted to eml_attachments/Division_of_labour-Load_share_plan.doc

Antwort 1:
chief.elf@santaclaus.thm

Weiterlesen

https://tryhackme.com/room/adventofcyber4

Task 1-5

Diese Tasks enthalten keine Fragen.

Task 6 [Day 1] Frameworks Someone’s coming to town!

Frage 1:
Who is the adversary that attacked Santa’s network this year?

Wir klicken auf „View Site“ und bekommen ein paar Rätsel und Puzzel vorgesetzt. Diese müssen wir lösen und erhalten unsere Antwort:

Antwort 1:
The Bandit Yeti!

Weiterlesen