
TryHackMe | Advent of Cyber 2024 | Day 1 | by INDCRYPT

 

Dive into the wonderful world of cyber security by engaging in festive beginner-friendly exercises every day in the lead-up to Christmas!

Day 1: Maybe SOC-mas music, he thought, doesn't come from a store?

Answer the questions below

1. Looks like the song.mp3 file is not what we expected! Run "exiftool song.mp3" in your terminal to find out the author of the song. Who is the author? 

exiftool '/root/Downloads/download/song.mp3'
ExifTool Version Number         : 13.00
File Name                       : song.mp3
Directory                       : /root/Downloads/download
File Size                       : 4.6 MB
File Modification Date/Time     : 2024:10:24 10:50:46-04:00
File Access Date/Time           : 2024:12:01 13:29:38-05:00
File Inode Change Date/Time     : 2024:12:01 13:29:36-05:00
File Permissions                : -rwxr-xr-x
File Type                       : MP3
File Type Extension             : mp3
MIME Type                       : audio/mpeg
MPEG Audio Version              : 1
Audio Layer                     : 3
Audio Bitrate                   : 192 kbps
Sample Rate                     : 44100
Channel Mode                    : Stereo
MS Stereo                       : Off
Intensity Stereo                : Off
Copyright Flag                  : False
Original Media                  : False
Emphasis                        : None
ID3 Size                        : 2176
Artist                          : Tyler Ramsbey
Album                           : Rap
Title                           : Mount HackIt
Encoded By                      : Mixcraft 10.5 Recording Studio Build 621
Year                            : 2024
Genre                           : Rock
Track                           : 0/1
Comment                         :
Date/Time Original              : 2024
Duration                        : 0:03:11 (approx)

Answer: Tyler Ramsbey

2. The malicious PowerShell script sends stolen info to a C2 server. What is the URL of this C2 server?

 https://github.com/Atom1cByte/CryptoWallet-Search/issues/1

Answer: http://papash3ll.thm/data

3. Who is M.M? Maybe his Github profile page would provide clues?

https://github.com/MM-WarevilleTHM/M.M 

Answer: Mayor Malware 

4. What is the number of commits on the GitHub repo where the issue was raised?

Answer: 1 


5. If you enjoyed this task, feel free to check out the OPSEC room!

6. What's with all these GitHub repos? Could they hide something else?

 

 Thank YOU 

 
