Injector

Category : Digital Forensics

FTK Imager Windows Memory

661 Players

4.0 (41)

Medium

What is the computer's name?

Weight : 50 | Solved : 311

What is the Timezone of the compromised machine? Format: UTC+0 (no-space)

Weight : 50 | Solved : 287

What was the first vulnerability the attacker was able to exploit?

Weight : 50 | Solved : 263

What is the OS build number?

Weight : 50 | Solved : 275

How many users are on the compromised machine?

Weight : 50 | Solved : 291

What is the webserver package installed on the machine?

Weight : 50 | Solved : 280

What is the name of the vulnerable web app installed on the webserver?

Weight : 50 | Solved : 268

What is the user agent used in the HTTP requests sent by the SQL injection attack tool?

Weight : 100 | Solved : 250

The attacker read multiple files through LFI vulnerability. One of them is related to network configuration. What is the filename?

Weight : 100 | Solved : 241

Q10

The attacker tried to update some firewall rules using netsh command. Provide the value of the type parameter in the executed command?

Weight : 100 | Solved : 233

Q11

How many users were added by the attacker?

Weight : 100 | Solved : 261

Q12

When did the attacker create the first user?

Weight : 100 | Solved : 232

Q13

What is the NThash of the user's password set by the attacker?

Weight : 100 | Solved : 243

Q14

What is The MITRE ID corresponding to the technique used to keep persistence?

Weight : 100 | Solved : 221

Q15

The attacker uploaded a simple command shell through file upload vulnerability. Provide the name of the URL parameter used to execute commands?

Weight : 100 | Solved : 225

Q16

One of the uploaded files by the attacker has an md5 that starts with "559411". Provide the full hash.

Weight : 200 | Solved : 215

Q17

The attacker used Command Injection to add user "hacker" to the "Remote Desktop Users" Group. Provide the IP address that was part of the executed command?

Weight : 200 | Solved : 225

Q18

The attacker dropped a shellcode through SQLi vulnerability. The shellcode was checking for a specific version of PHP. Provide the PHP version number?

Weight : 300 | Solved : 204

Instructions:

Unzip the challenge (pass: cyberdefenders.org)

A company’s web server has been breached through their website. Our team arrived just in time to take a forensic image of the running system and its memory for further analysis.

As a security analyst, you are tasked with mounting the image to determine how the system was compromised and the actions/commands the attacker executed.

Tools: