CyberDefenders: BlueTeam CTF Challenges

GrabThePhisher

SHA1SUM	a10658aa9561317b1f700331cec85f9a70ba1bf4
Published	July 23, 2022
Author	Milann SHRESTHA
Size	894 KB
Tags	kit threat intel osint phishing

Instructions	Uncompress the challenge (pass: cyberdefenders.org)

Your progress

0% Completed0/12 Questions

Your score

0/2050

Threat Intel

Last solve

today by SweetLikeTwinkie

Scenario:

An attacker compromised a server and impersonated https://pancakeswap.finance/, a decentralized exchange native to BNB Chain, to host a phishing kit at https://apankewk.soup.xyz/mainpage.php. The attacker set it as an open directory with the file name "pankewk.zip".

Provided the phishing kit, you are requested to analyze it and do your threat intel homework.

#	Question	Weight	Solved
#1	Which wallet is used for asking the seed phrase?	50	412
Report an issue

#2	What is the file name that has the code for the phishing kit?	50	394
Report an issue

#3	In which language was the kit written?	50	403
Report an issue

#4	What service does the kit use to retrieve the victim's machine information?	100	334
Report an issue

#5	How many seed phrases were already collected?	100	372
Hint Report an issue

#6	Write down the seed phrase of the most recent phishing incident?	150	362
Report an issue

#7	Which medium had been used for credential dumping?	150	343
Hint Report an issue

#8	What is the token for the channel?	250	363
Report an issue

#9	What is the chat ID of the phisher's channel?	250	364
Report an issue

#10	What are the allies of the phish kit developer?	300	361
Hint Report an issue

#11	What is the full name of the Phish Actor?	300	306
Report an issue

#12	What is the username of the Phish Actor?	300	305
Report an issue

Submit Writeup