un1dt5

@un1dt5

Joined on Jan 21, 2024

  • Forever 3.14: Downloaded the ib file and opened it in Notepad; it turns out to be an .eml file. Throwing it at an online EML Viewer only showed a single mail, which didn't look right, because the file is very long when read in Notepad. Going back to reading it raw in Notepad: there is a long base64 block, and above it a mail from theonlyneevec@gmail.com with some content related to Discord.
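An online viewer will usually render only the outermost message of an .eml file; a forwarded mail embedded as a message/rfc822 part, or a base64 attachment, is easy to miss unless you walk the MIME tree yourself. The following is an added example, not code from the writeup above: it lists every MIME part (including nested messages) and decodes base64 attachments using Python's standard email module. SAMPLE_EML is constructed here for the example and is not the challenge file.

```python
"""List the MIME parts of an .eml file and decode its base64 attachments.

Added example, not part of the original writeup. SAMPLE_EML is a constructed
message standing in for the challenge file: it nests a second message
(message/rfc822) and a base64 attachment, the two things a quick online
viewer tends to hide.
"""
import base64
from email import message_from_bytes, policy

ATTACHMENT_BYTES = b"constructed attachment payload\n"

# Constructed sample .eml (CRLF line endings, one nested mail, one attachment).
SAMPLE_EML = (
    b"From: outer@example.com\r\n"
    b"To: analyst@example.com\r\n"
    b"Subject: constructed sample\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="outer"\r\n'
    b"\r\n"
    b"--outer\r\n"
    b'Content-Type: text/plain; charset="utf-8"\r\n'
    b"\r\n"
    b"Forwarding the message below.\r\n"
    b"--outer\r\n"
    b"Content-Type: message/rfc822\r\n"
    b"\r\n"
    b"From: inner@example.com\r\n"
    b"Subject: the mail a viewer may not show\r\n"
    b'Content-Type: text/plain; charset="utf-8"\r\n'
    b"\r\n"
    b"Hidden inner text.\r\n"
    b"--outer\r\n"
    b'Content-Type: application/octet-stream; name="blob.bin"\r\n'
    b"Content-Transfer-Encoding: base64\r\n"
    b'Content-Disposition: attachment; filename="blob.bin"\r\n'
    b"\r\n"
    + base64.encodebytes(ATTACHMENT_BYTES)
    + b"--outer--\r\n"
)


def summarize_parts(raw: bytes):
    """Return (content_type, disposition, subject) for every MIME part.

    walk() descends into multipart containers and into message/rfc822 parts,
    so a forwarded inner mail shows up as its own text/plain part with its
    own Subject header.
    """
    msg = message_from_bytes(raw, policy=policy.default)
    return [
        (part.get_content_type(), part.get_content_disposition(), part.get("Subject"))
        for part in msg.walk()
    ]


def extract_attachments(raw: bytes):
    """Return (filename, decoded_bytes) for each attachment part.

    get_payload(decode=True) undoes the Content-Transfer-Encoding (base64
    here), which is what the long base64 block in the raw file becomes.
    """
    msg = message_from_bytes(raw, policy=policy.default)
    found = []
    for part in msg.walk():
        if part.get_content_disposition() != "attachment":
            continue
        found.append((part.get_filename(), part.get_payload(decode=True)))
    return found


if __name__ == "__main__":
    for row in summarize_parts(SAMPLE_EML):
        print(row)
    for name, data in extract_attachments(SAMPLE_EML):
        print(name, len(data), "bytes")
```

For a real file, read it in binary (`open(path, "rb").read()`) and pass the bytes to the same two functions; decoded attachments should then be written out and identified by their magic bytes rather than trusted by filename.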
  • swatted: San Andreas PD recently conducted a raid on a suspect's residence, discovering that their laptop contains crucial evidence. As a Digital Forensics Investigator, it is now your responsibility to analyze the evidence and answer the related questions. The challenge provides a .vmdk of an Ubuntu machine; below are all of the challenge's questions and answers. [1]. What is the credential used to login to the machine? Format: username:password ==> imsadboi:qwerty CORRECT! [2]. The criminal used a messaging app to communicate with his partner. What is the name of the app?
  • verboten (Forensic) DESCRIPTION Randon, an IT employee, finds a USB on his desk after recess. Unable to contain his curiosity, he decides to plug it in. Suddenly the computer goes haywire and before he knows it, some windows pop open and close on their own. With no clue of what just happened, he tries seeking help from a colleague. Even after Richard's effort to remove the malware, Randon noticed that the malware persisted after his system restarted. Note for Q7: 12-hour time format. All epoch times should be converted to IST (UTC+5:30).
  • Silicon Data Sleuthing: The challenge provides an OpenWrt firmware image; the task is to dig the information out of it and answer questions to get the flag. I used binwalk to extract the firmware: binwalk -e chal_router_dump.bin. What version of OpenWRT runs on the router (ex: 21.02.0)? There are several places to find the OpenWrt firmware version. Here I opened the banner file in /squashfs-root/etc/ and read it:
    _______ ________ __ | |.-----.-----.-----.| | | |.----.| |_ | - || _ | -__| || | | || _|| _|
  • Externet Inplorer: Can you find the timestamp of when this URL was searched? URL: https://www.google.com/search?q=how+to+hack+facebook&sca_esv=566211836&source=hp&ei=FgsIZdOxIfaB2roP1r-QsA4&iflsig=AO6bgOgAAAAAZQgZJgCWK60cSQUhq1etDPOxGw-Hrq5j&ved=0ahUKEwjTlMPZ37OBAxX2gFYBHdYfBOYQ4dUDCAk&uact=5&oq=how+to+hack+facebook&gs_lp=Egdnd3Mtd2l6IhRob3cgdG8gaGFjayBmYWNlYm9vazIIEAAYgAQYxwMyCBAAGIAEGMcDMgUQABiABDIFEAAYgAQyCBAAGIAEGMcDMggQABiABBjHAzIIEAAYgAQYxwMyCBAAGIAEGMcDMggQABiABBjHAzIIEAAYgAQYxwNI-DdQ4QFYuDZwDngAkAEAmAGdAaABphuqAQUxMS4yMrgBA8gBAPgBAagCB8ICEBAAGAMYjwEY5QIY6gIYjAPCAhAQLhgDGI8BGOUCGOoCGIwDwgIREC4YgAQYsQMYgwEYxwEY0QPCAgsQLhiABBixAxiDAcICCxAAGIAEGLEDGIMBwgILEAAYigUYsQMYgwHCAggQABiABBixA8ICERAuGIoFGLEDGIMBGMcBGNEDwgIQEAAYgAQYsQMYgwEYsQMYCsICBRAuGIAEwgILEC4YgAQYxwEY0QPCAggQABiKBRiGA8ICBhAAGBYYHsICCBAAGIoFGLEDwgILEC4YigUYsQMYgwHCAgQQABgDwgIIEC4YgAQYsQPCAgoQABiABBhGGP8B&sclient=gws-wiz Flag format: KCSC{yyyy-mm-dd_hh:mm:ss.milisec} Author: Nex0. I used this page to analyze the URL.
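The search time in that URL lives in the `ei` parameter. The following is an added example, not the writeup's own method or the tool it links to: it decodes `ei` locally. The layout it assumes (URL-safe base64 without padding, first four decoded bytes a little-endian Unix timestamp in seconds) is a widely reported observation about Google's `ei` value rather than anything documented by Google or by this page; the remaining bytes carry other fields and are left undecoded. CHALLENGE_URL is the URL above trimmed to the parameters the example needs, with the `ei` value copied unchanged.

```python
"""Recover the search time from the `ei` parameter of a Google search URL.

Added example, not part of the original writeup. Assumption (a widely
reported observation, not documented by Google or by this page): `ei` is
URL-safe base64 with the '=' padding stripped, and its first four decoded
bytes are a little-endian Unix timestamp in whole seconds. Bytes after the
first four carry other fields and are not decoded here.
"""
import base64
import struct
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlparse

# The challenge URL trimmed to the parameters this example needs; the `ei`
# value is copied unchanged from the writeup's URL.
CHALLENGE_URL = (
    "https://www.google.com/search?q=how+to+hack+facebook"
    "&ei=FgsIZdOxIfaB2roP1r-QsA4&source=hp"
)


def ei_to_unix_time(ei: str) -> int:
    """Decode `ei` and return the embedded Unix timestamp (seconds)."""
    padded = ei + "=" * (-len(ei) % 4)      # restore the stripped '=' padding
    raw = base64.urlsafe_b64decode(padded)
    if len(raw) < 4:
        raise ValueError("ei value too short to hold a timestamp")
    return struct.unpack("<I", raw[:4])[0]  # little-endian unsigned 32-bit


def search_url_time(url: str) -> datetime:
    """Return the UTC time at which a Google search URL was issued."""
    params = parse_qs(urlparse(url).query)
    if "ei" not in params:
        raise ValueError("URL has no ei parameter")
    seconds = ei_to_unix_time(params["ei"][0])
    return datetime.fromtimestamp(seconds, tz=timezone.utc)


if __name__ == "__main__":
    print(search_url_time(CHALLENGE_URL).isoformat())
```

The decode yields whole seconds in UTC; the flag format above asks for local time with a millisecond fraction, which this four-byte field does not carry, so the timezone shift and the sub-second part still have to come from the rest of the evidence.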
  • it_has_begun: The challenge provides a bash file. The flag has two parts, one reversed and one base64-encoded. Flag: HTB{w1ll_y0u_St4nd_y0uR_Gr0uNd!!} Urgent: The challenge provides an .eml file with onlineform.html attached; reading its source shows a URL-encoded chunk. Drop it into CyberChef and let it cook.
  • Start by finding the right profile to use in Volatility2. The Win7SP1x86 profile worked for me throughout the challenge. I also renamed the file to 'ringo' to make it easier to work with. I believe the title of the challenge is a hint, so I tried the envars plugin to find the flag: python2 vol.py -f ~/ringo --profile=Win7SP1x86 envars. And we got the flag: Flag-66d7724d872da91af56907aea0f6bfb8
  • Starting with windows.pslist and windows.cmdline, I found mspaint.exe and WinRAR with a file named "Important.rar". For mspaint.exe, I dumped the whole process out of memory for investigation with windows.memmap and changed the extension from .dmp to .data to open it in GIMP: python3 vol.py -f ~/Lab1.raw windows.memmap.Memmap --pid 2424 --dump; cp pid.2424.dmp pid.2424.data. You have to play with the offset, width and height a little to get the flag: flag{G00d_BoY_good_girL}. Back to Important.rar: just dump the file out, open it, and it asks for a password. The comment in the RAR file says the password is the NTLM hash of the user, so let's dump the hash out.
  • FTP (File Transfer Protocol) Overview. FTP uses TCP ports 20 and 21. Authentication is by username and password, but nothing is encrypted: credentials, commands and file contents all cross the wire in plain text, so anyone who can capture the traffic can read them. For protection, use FTPS (FTP over SSL/TLS) or SFTP (the SSH File Transfer Protocol, a separate protocol that only shares the name). The client navigates directories, adds and removes directories, lists files, and so on, by sending FTP commands to the server. FTP uses two types of connection. The control connection (TCP 21) is established once and carries FTP commands and replies. Data connections carry files and listings and are set up and torn down as needed, one per transfer; in active mode they originate from server port TCP 20, while in passive mode the server announces an ephemeral port for the client to connect to. FTP data connections - ACTIVE MODE
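The two points in that overview, plain-text credentials and a separately negotiated data connection, are both visible on the control channel. The following is an added example, not part of the original notes: it walks a control-channel transcript, recovers the USER/PASS pair, and decodes the endpoints announced by the client's PORT command (active mode) and the server's 227 reply (passive mode). The only protocol fact it relies on is the RFC 959 encoding h1,h2,h3,h4,p1,p2 with port = p1*256 + p2; CONTROL_LOG is a constructed transcript, not a real capture.

```python
"""Pull credentials and data-connection endpoints out of an FTP control channel.

Added example, not from the original notes. The host/port encoding
(h1,h2,h3,h4,p1,p2 with port = p1*256 + p2, RFC 959) is the only protocol
fact used; CONTROL_LOG is a constructed transcript, not a real capture.
"""
import re

# Constructed control-channel transcript. Server replies start with a
# three-digit code; client commands do not.
CONTROL_LOG = """\
220 FTP server ready
USER alice
331 Password required for alice
PASS hunter2
230 User alice logged in
PORT 10,0,0,5,4,1
200 PORT command successful
LIST
150 Opening ASCII mode data connection for file list
226 Transfer complete
PASV
227 Entering Passive Mode (192,168,1,10,195,80).
RETR secret.txt
150 Opening BINARY mode data connection for secret.txt
226 Transfer complete
"""

HOSTPORT = r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
PORT_CMD = re.compile(r"^PORT\s+" + HOSTPORT + r"\s*$", re.IGNORECASE)
PASV_REPLY = re.compile(r"^227\s.*\(" + HOSTPORT + r"\)")


def decode_hostport(fields):
    """Turn the six RFC 959 fields into ('a.b.c.d', port)."""
    nums = [int(f) for f in fields]
    if any(n > 255 for n in nums):
        raise ValueError(f"field out of byte range: {fields}")
    h1, h2, h3, h4, p1, p2 = nums
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def encode_port_command(host: str, port: int) -> str:
    """Build the PORT command a client sends to request active mode."""
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    fields = host.split(".") + [str(port >> 8), str(port & 0xFF)]
    return "PORT " + ",".join(fields)


def analyze_control_channel(text: str) -> dict:
    """Return plain-text credentials and every data connection negotiated."""
    creds, data_conns, pending_user = [], [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        upper = line.upper()
        if upper.startswith("USER "):
            pending_user = line[5:].strip()
        elif upper.startswith("PASS "):
            # Password is sent in the clear: this is the whole FTP problem.
            creds.append((pending_user, line[5:].strip()))
        elif (m := PORT_CMD.match(line)):
            # Active mode: the server will connect FROM tcp/20 TO this endpoint.
            host, port = decode_hostport(m.groups())
            data_conns.append(("active", host, port))
        elif (m := PASV_REPLY.match(line)):
            # Passive mode: the client connects TO this server ephemeral port.
            host, port = decode_hostport(m.groups())
            data_conns.append(("passive", host, port))
    return {"credentials": creds, "data_connections": data_conns}


if __name__ == "__main__":
    result = analyze_control_channel(CONTROL_LOG)
    print("credentials:", result["credentials"])
    for mode, host, port in result["data_connections"]:
        print(f"{mode:7s} data connection -> {host}:{port}")
```

The endpoint list is what a firewall or IDS needs in order to follow the transfers: the active-mode entry tells you which client port the server's tcp/20 connection will land on, and the passive-mode entry tells you which server port the client will open next. On an FTPS session the same parsing only works if you can see the control channel after TLS termination.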