Injector Blue Team Challenge

Category : Endpoint Forensics

4.4

Medium

Attention! "Injector" is no longer active and will not contribute to leaderboard points. However, you can still solve the lab and explore avaliable walkthroughs to gain valuable experience.

What is the computer's name?

Weight : 50 | Solved : 466 | Average Solve Time: 1 minute

What is the Timezone of the compromised machine? Format: UTC+0 (no-space)

Weight : 50 | Solved : 432 | Average Solve Time: 7 minutes

What was the first vulnerability the attacker was able to exploit?

Weight : 50 | Solved : 404 | Average Solve Time: 21 minutes

What is the OS build number?

Weight : 50 | Solved : 417 | Average Solve Time: 4 minutes

How many users are on the compromised machine?

Weight : 50 | Solved : 439 | Average Solve Time: 7 minutes

What is the webserver package installed on the machine?

Weight : 50 | Solved : 428 | Average Solve Time: 4 minutes

What is the name of the vulnerable web app installed on the webserver?

Weight : 50 | Solved : 415 | Average Solve Time: 8 minutes

What is the user agent used in the HTTP requests sent by the SQL injection attack tool?

Weight : 100 | Solved : 389 | Average Solve Time: 1 minute

The attacker read multiple files through LFI vulnerability. One of them is related to network configuration. What is the filename?

Weight : 100 | Solved : 381 | Average Solve Time: 5 minutes

Q10

The attacker tried to update some firewall rules using netsh command. Provide the value of the type parameter in the executed command?

Weight : 100 | Solved : 365 | Average Solve Time: 3 minutes

Q11

How many users were added by the attacker?

Weight : 100 | Solved : 402 | Average Solve Time: 3 minutes

Q12

When did the attacker create the first user?

Weight : 100 | Solved : 367 | Average Solve Time: 9 minutes

Q13

What is the NThash of the user's password set by the attacker?

Weight : 100 | Solved : 380 | Average Solve Time: 1 minute

Q14

What is The MITRE ID corresponding to the technique used to keep persistence?

Weight : 100 | Solved : 352 | Average Solve Time: 2 minutes

Q15

The attacker uploaded a simple command shell through file upload vulnerability. Provide the name of the URL parameter used to execute commands?

Weight : 100 | Solved : 355 | Average Solve Time: 7 minutes

Q16

One of the uploaded files by the attacker has an md5 that starts with "559411". Provide the full hash.

Weight : 200 | Solved : 339 | Average Solve Time: 1 minute

Q17

The attacker used Command Injection to add user "hacker" to the "Remote Desktop Users" Group. Provide the IP address that was part of the executed command?

Weight : 200 | Solved : 354 | Average Solve Time: 8 minutes

Q18

The attacker dropped a shellcode through SQLi vulnerability. The shellcode was checking for a specific version of PHP. Provide the PHP version number?

Weight : 300 | Solved : 328 | Average Solve Time: 41 minutes

Instructions:

Unzip the challenge (pass: cyberdefenders.org)

A company’s web server has been breached through their website. Our team arrived just in time to take a forensic image of the running system and its memory for further analysis.

As a soc analyst, you are tasked with mounting the image to determine how the system was compromised and the actions/commands the attacker executed.

Tools:

Stuck? Don't worry

We've got you covered! 🛠️ Head over to the community lab channel for guidance #injector channel

First blood

hnl

962 days ago

Last solve

pr0m3th3us

today

Injector Blue Team Challenge

Category : Endpoint Forensics

Memory

Windows

Disk

FTK Imager

Stuck? Don't worry

First blood

Last solve

Blog

Media Kit

Store

Careers

Injector Blue Team Challenge

Category : Endpoint Forensics

Memory

Windows

Disk

FTK Imager

Stuck? Don't worry

First blood

Last solve