We will be doing a forensics challenge from Hack The Box.
Before we start our investigation, we first need to understand the challenge description.
objective
Let's begin the investigation.
Now we can try a few things here, such as using 'http' as a filter to see if there is any fun stuff going over HTTP.
Actually, here I didn't get any useful information, so I decided to move on with my investigation, and I came across this:
If you take a close look you will see 'telnet', so I decided to inspect it more and see what it has, because we all know about the telnet protocol.
Here the attacker tried to log in with default creds via a telnet session and found himself in. Man, that one was very simple actually, although telnet is not used nowadays.
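An added example (not part of the original write-up): telnet carries everything in cleartext, so the keystrokes of a session like this one can be rebuilt from the client-to-server payload bytes once the IAC option negotiation is stripped out. The function names and the sample bytes below are constructed for illustration and are not taken from the challenge capture.

```python
# Telnet command bytes (RFC 854)
IAC, SB, SE = 0xFF, 0xFA, 0xF0
NEGOTIATE = {0xFB, 0xFC, 0xFD, 0xFE}  # WILL, WONT, DO, DONT: one option byte follows


def strip_telnet(data: bytes) -> bytes:
    """Remove IAC command sequences, leaving only the user data bytes."""
    out, i = bytearray(), 0
    while i < len(data):
        if data[i] != IAC:
            out.append(data[i])
            i += 1
        elif i + 1 >= len(data):
            break                        # truncated command at end of data
        elif data[i + 1] == IAC:
            out.append(IAC)              # IAC IAC is an escaped literal 0xFF
            i += 2
        elif data[i + 1] in NEGOTIATE:
            i += 3                       # IAC + verb + option
        elif data[i + 1] == SB:
            end = data.find(bytes([IAC, SE]), i + 2)
            i = len(data) if end < 0 else end + 2   # skip whole subnegotiation
        else:
            i += 2                       # other two-byte commands (NOP, GA, ...)
    return bytes(out)


def typed_lines(client_payloads):
    """Join client-to-server segments and return the lines the user typed."""
    lines, cur = [], bytearray()
    for b in strip_telnet(b"".join(client_payloads)):
        if b == 0x0D:                    # CR ends a line (sent as CR LF or CR NUL)
            lines.append(cur.decode("latin-1"))
            cur = bytearray()
        elif b in (0x08, 0x7F):          # backspace / delete removes last char
            del cur[-1:]
        elif b not in (0x00, 0x0A):      # drop the NUL or LF that follows CR
            cur.append(b)
    if cur:
        lines.append(cur.decode("latin-1"))
    return lines


# Constructed sample: negotiation, then a login typed one key per segment.
SAMPLE = [b"\xff\xfb\x18\xff\xfb\x1f", b"\xff\xfa\x18\x00xterm\xff\xf0",
          b"d", b"e", b"m", b"p", b"\x7f", b"o", b"\r\x00",
          b"example-pass\r\n", b"id\r\n"]

if __name__ == "__main__":
    print(typed_lines(SAMPLE))
```

The same reconstruction is why a telnet login in a capture exposes the username and password to anyone who can read the traffic.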
Let's proceed and see what his next move was after he gained access via the telnet session.
And he managed to get a shell as the www-data user, which means the backdoor he set was on the web or via telnet, but I guess it was via the web application that was running the market shop application.
FLAG PART
The attacker then also tried to cat the contents of custumer.sql, and if you scroll much further you will find a weird, interesting piece of encoded text. There is a bunch of dumped details, so you need to scroll faster here.
Once I saw this I knew it was encoded, but I didn't know which method he used to do that, so I decided to do it manually in my terminal.
And finally, we have solved the challenge.