CEH Skill Check - Part IV

Challenge 1:

The mobile device of an employee in CEHORG has been hacked by the hacker to perform DoS attack on one of the server in company network. You are assigned to analyse "Andro.pcapng" located in Documents directory of EH workstation-2 and identify the severity level of the attack. (Note: perform deep down Expert Info analysis). (Format: Aaaaaaa )

Wireshark打開Analyze –> Expert information

Challenge 2:

An ex-employee of CEHORG is suspected to be performing insider attack. You are assigned a task to attain KEYCODE-75 used in the employees' mobile phone. Note: use option p in PhoneSploit for next page. (Format: AAAAAAAAAA )

用PhoneSploit，連接過後按p到第二頁有個叫做USE KEYCODE的選項

Challenge 3:

An employee in CEHORG has secretly acquired Confidential access ID through an application from the company. He has saved this information on the Downloads folder of his Android mobile phone. You have been assigned a task as an ethical hacker to access the file and delete it covertly. Enter the account information present in the file. Note: Only provide the numeric values in the answer field. (Format: NNNNNNNN)

透過adb 連接好victim之後去到/sdcard/Download/裡面有個txt檔案及是答案

Challenge 4:

An attacker has hacked one of the employees android device in CEHORG and initiated LOIC attack from the device. You are an ethical hacker who had obtained a screenshot of the attack using a background application. Obtain the screenshot of the attack using PhoneSploit from the attacked mobile device and determine the targeted machine IP along with send method. (Format: NNN.NN.N.NN*AAAA)

透過PhontSploit裡面其中一個選項可以拿取victim裡面檔案，這張圖片路徑為/sdcard/DCIM/capture.png

Challenge 5:

An attacker installed a malicious mobile application 'AntiMalwarescanner.apk' on the victims android device which is located in EH workstation-2 documents folder. You are assigned a task to perform security audit on the mobile application and find out whether the application using permission to Read-call-logs. (Format: Aaa )

丟到線上網站SISIK，查看分析結果即可得知答案

Challenge 6:

An attacker had sent a message 166.150.247.183/US to the victim. You are assigned to perform footprinting using shodan.io in order to identify whether the message belongs to SCADA/ICS/IoT systems in US. (Format: AaA)

EC題目出爛shodan 根本沒這台
ans:IoT

Challenge 7:

CEHORG hosts multiple IOT devices and sensors to manage its supply chain fleet. You are assinged a task to examine the file "IOT Traffic.pcapng" located in the Home directory of the root user in the "EH Workstation - 1" machine. Analyze the packet and find the topic of the message sent to the sensor. (Format: Aaaaa*Aaaaa)

filter下mqtt因為是要看IoT，之後可以看到有publish messeage 詳細查看即可看到答案

Challenge 8:

CEHORG hosts multiple IoT devices and sensors to manage its supply chain fleet. You are assinged a task to examine the file "IOT Traffic.pcapng" located in the Home directory of the root user in the "EH Workstation - 1" machine. Analyze the packet and find the topic of the message sent to the sensor. (Format: )

EC出爛，跟上一模一樣，但是答案怎麼填都是錯的

Challenge 9:

CEHORG hosts multiple IOT devices and network sensors to manage its IT-department. You are assigned a task to examine the file "NetworkNS_Traffic.pcapng" located in the Documents folder of the user in the "EH Workstation - 2" machine. Analyze the packet and find the alert message sent to the sensor. (Format: Aaaa Aaa*aa *aaaa)

一樣IoT filter 下mqtt，找到publish messeage –> Follow tcp stream

Challenge 10:

You have received a folder named "Archive" from a vendor. You suspect that someone might have tampered with the files during transmission. The Original hashes of the files have been sent by the sender separately and are stored in a file named FileHashes.txt stored in the Document folder in the "EH Workstation – 2" machine. Your task is to check the integrity of the files by comparing the MD5 hashes. Compare the hash values and determine the file name that has been tampered with. Note: Exclude the file extension in the answer field. The answer is case-sensitive. (Format: Aaaaaa)

用MD5 calc開題目要求資料夾計算，比對題目要求檔案FileHashes.txt，發現Quotes不一樣

Challenge 11:

An attacker has intruded into the CEHORG network with malicious intent. He has identified a vulnerability in a machine. He has encoded the machine's IP address and left it in the database. While auditing the database, the encoded file was identified by the database admin. Decode the EncodedFile.txt file in the Document folder in the "EH Workstation – 2" machine and enter the IP address as the answer. (Hint: Password to decode the file is Pa$$w0rd). (Format: NN.NN,NN,NN)

EncodedFile.txt這文件打開就有寫到BCText......，打開那個工具，輸入題目給的密碼即可

Challenge 12:

The Access code of an employee was stolen from the CEHORG database. The attacker has encrypted the file using the Advance Encryption Package. You have been assigned a task to decrypt the file; the organization has retained the cipher file ""AccessCode.docx.aes"" in the Document folder in the ""EH Workstation – 2"" machine. Determine the access code by decrypting the file. Hint: Use ""qwerty"" as the decryption password. Note: Advanced Encryption Package is available at E:\CEH-Tools\CEHv12 Module 20 Cryptography\Cryptography Tools. (Format: AAAAAANNNN)

也是一樣檔案名稱的尾端透露了使用的工具，在本機搜尋aes，就找到AES-Tool，打開後開文件輸入密碼，之後就可以拿到了

Challenge 13:

A VeraCrypt volume file "secret" is stored on the Document folder in the "EH Workstation – 2" machine. You are an ethical hacker working with CEHORG; you have been tasked to decrypt the encrypted volume and determine the number of files stored in the volume. (Hint: Password: test). (Format: N)

題目有提到VeraCrypt，打開這工具後一樣無腦的輸入密碼打開檔案就有答案

Challenge 14:

An attacker had sent a file cryt-128-06encr.hex containing ransom file password, which is located in documents folder of EH-workstation-2. You are assigned a task to decrypt the file using cryp tool. Perform cryptanalysis, Identify the algorithm used for file encryption and hidden text. Note: check filename for key length and hex characters. (Format: Aaaaaaa/aaaA*a)

這題要通靈密碼、加密類型，實在沒通靈出來