forensicshard

RedTrails

hackthebox

Task: analyze a pcap of a Redis server attack to find a three-part flag hidden across data exfiltration, obfuscated bash malware, and AES-encrypted command output. Solution: parse Redis RESP protocol for flag part in user email, deobfuscate reversed-base64 bash script for SSH key comment, reverse engineer .so module to extract AES-256-CBC key/IV and decrypt system.exec responses.

$ ls tags/ techniques/

rce encryption pcap aes malware bash_obfuscation redis rogue_server cryptominer cron_persistence

bash_deobfuscationaes_256_cbc_decryptionredis_rogue_serverredis_resp_parsingelf_reverse_engineeringcron_job_injectionredis_module_rcesplit_flag_recovery

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

Create a free account with GitHub, then upgrade to Pro.

$ssh [email protected]