
Cyberdefenders - Insider

Insider

  • Category: Digital Forensics
  • SHA1SUM: d820264d825fdaeb2146bf7b4c4e03684e700007
  • Published: May 25, 2021
  • Author: Champlain College
  • Size: 83 MB
  • Tags: Disk, Linux, FTK, Kali

Uncompress the challenge (pass: cyberdefenders.org)

After Karen started working for ‘TAAUSAI,’ she began to do some illegal activities inside the company. ‘TAAUSAI’ hired you as a SOC analyst to kick off an investigation on this case.

You acquired a disk image and found that Karen uses Linux OS on her machine. Analyze the disk image of Karen’s computer and answer the provided questions.

  • FTK Imager

[Image: distribution.png]

Answer: kali

var > log > apache2. Right-click and export the hash list for access.log.

Answer: d41d8cd98f00b204e9800998ecf8427e

Path: root > Downloads

Answer: mimikatz_trunk.zip

In the bash_history we find:

touch snky snky > /root/Desktop/SuperSecretFile.txt
cat snky snky > /root/Desktop/SuperSecretFile.txt

Answer: /root/Desktop/SuperSecretFile.txt

Still in bash_history:

binwalk didyouthinkwedmakeiteasy.jpg

Answer: binwalk

Path: /root/Desktop/Checklist

Check List:

- Gain Bob's Trust
- Learn how to hack
- Profit

Answer: Profit

Path: var > log > apache2. The Apache logs are empty.

Answer: 0

Path: /root/irZLAohL.jpeg

Answer: irZLAohL.jpeg

Path: /root/Documents/myfirsthack/firstscript_fixed

Answer: Young

We can find that information in the auth log:

grep "11:26" /var/log/auth.log

Answer: postgres

The last cd instruction in the bash_history was:

cd ../Documents/myfirsthack/

Answer: /root/Documents/myfirsthack/
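
The working-directory answer depends on resolving the last cd against the directory the shell was already in. As an added example (not part of the original write-up), this Python function replays the cd commands and `>` redirections of a bash_history to recover the final working directory and the files written. The sample history is constructed: only the touch, cat, binwalk and last cd lines come from this page, while the other cd lines, the /root starting directory and the name `replay_history` are assumptions.

```python
import posixpath
import shlex

# Constructed sample: the commands quoted on this page plus invented "cd"
# lines around them. It is NOT the real history from the disk image.
SAMPLE_HISTORY = """\
cd Desktop
touch snky snky > /root/Desktop/SuperSecretFile.txt
cat snky snky > /root/Desktop/SuperSecretFile.txt
cd ../Downloads
binwalk didyouthinkwedmakeiteasy.jpg
cd -
cd ../Documents/myfirsthack/
"""


def replay_history(text, home="/root"):
    """Return (final_cwd, files_written) for a bash_history text.

    Assumptions: one simple command per line, the session starts in `home`,
    redirections are written with spaces around '>', and no symlinks.
    Pipelines, pushd/popd and shell variables are not modelled.
    """
    cwd, previous, written = home, home, []
    for line in text.splitlines():
        try:
            # comments=True also drops "#<epoch>" timestamp lines
            tokens = shlex.split(line, comments=True)
        except ValueError:  # unbalanced quotes: skip the line
            continue
        if not tokens:
            continue
        # Resolve redirection targets against the directory in effect.
        for i, tok in enumerate(tokens[:-1]):
            if tok in (">", ">>"):
                path = posixpath.join(cwd, tokens[i + 1])
                written.append(posixpath.normpath(path))
        if tokens[0] != "cd":
            continue
        arg = tokens[1] if len(tokens) > 1 else "~"
        if arg == "-":
            target = previous
        elif arg == "~" or arg.startswith("~/"):
            target = posixpath.join(home, arg[2:])
        else:
            target = posixpath.join(cwd, arg)  # absolute args replace cwd
        cwd, previous = posixpath.normpath(target), cwd
    return cwd, written


if __name__ == "__main__":
    print(replay_history(SAMPLE_HISTORY))
```

The returned directory has no trailing slash; a relative `cd` only resolves correctly if the starting directory assumption holds for the session being examined.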