CyberDefenders: BlueTeam CTF Challenges

Exfiltrated

SHA1SUM	1f190082a122f74baa19f1b8189bbb0172301c66
Published	Nov. 2, 2021
Author	CyberDefenders
Size	3.3 GB
Tags	Linux RedHat Disk Keylogger

Instructions	Uncompress the challenge (pass: cyberdefenders.org)

Stuck? Acquire the skills you need to solve this challenge!

Your progress

0% Completed0/15 Questions

Your score

0/1600

Digital Forensics

Last solve

1 day ago by saber22

Scenario

The enterprise EDR alerted for possible exfiltration attempts originating from a developer RedHat Linux machine. A fellow SOC member captured a disk image for the suspected machine and sent it for you to analyze and identify the attacker's footprints.

Tools

#	Question	Weight	Solved
#1	What is the RHEL version installed on the machine?	50	295
Hint Report an issue

#2	How many users have a login shell?	50	296
Hint Report an issue

#3	How many users are allowed to run the sudo command on the system?	100	283
Hint Report an issue

#4	What is the 'rossatron' user password?	50	248
Hint Report an issue

#5	What is the Victim's IP address?	50	254
Hint Report an issue

#6	What service did the attacker use to gain access to the system?	100	264
Hint Report an issue

#7	What is the attacker's IP address?	50	262
Hint Report an issue

#8	What authentication attack did the attacker use to gain access o the system?	100	255
Hint Report an issue

#9	How many users the attacker was able to bruteforce their password?	100	252
Hint Report an issue

#10	When did the attack start? (DD/MM/YYYY)	50	242
Hint Report an issue

#11	What is the user used by the attacker to gain initial access to system?	150	242
Hint Report an issue

#12	What is the MITRE ID of the technique used by the attacker to achieve persistence?	150	221
Hint Report an issue

#13	What is the CVE number used by the attacker to escalate his Privilege?	150	214
Hint Report an issue

#14	After gaining more privilege the attacker dropped a backdoor to gain more persistence which receives commands from Gmail account. What is the email used to send commands?	200	223
Hint Report an issue

#15	The attacker downloaded a keylogger to capture users' keystrokes. What is the secret word the attacker was able to exfiltrate?	250	187
Hint Report an issue

Submit Writeup