forensicshard

TrueSecrets

hackthebox

Our cybercrime unit has been investigating a well-known APT group for several months. The group has been responsible for several high-profile attacks on corporate organizations. However, what is interesting about that case, is that they have developed a custom command & control server of their own.

$ ls tags/ techniques/

encryption memory_forensics password_recovery volatility3 truecrypt aes_xts des_cbc c2_server fat12 process_memory windows_7

memory_dump_analysistruecrypt_password_recovery_from_memorytruecrypt_container_decryptionaes256_xts_decryptionpbkdf2_hmac_sha512des_cbc_decryptionfat12_extractionc2_source_code_analysisprocess_memory_dump

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

Create a free account with GitHub, then upgrade to Pro.

$ssh [email protected]