Hackthebox Sherlocks Takedown
Author: Nightsedge
Copyright Notice: All articles on this blog are licensed under CC BY-NC-SA 4.0 unless otherwise stated.
Contents
- 1. Hackthebox Sherlocks - Takedown
- 2. Tasks
- 2.1. Task 1: From what domain is the VBS script downloaded?
- 2.2. Task 2: What was the IP address associated with the domain in question #1 used for this attack?
- 2.3. Task 3: What is the filename of the VBS script used for initial access?
- 2.4. Task 4: What was the URL used to get a PowerShell script?
- 2.5. Task 5: What likely legit binary was downloaded to the victim machine?
- 2.6. Task 6: From what URL was the malware used with the binary from question #5 downloaded?
- 2.7. Task 7: What filename was the malware from question #6 given on disk?
- 2.8. Task 8: What is the TLSH of the malware?
- 2.9. Task 9: What is the name given to this malware? Use the name used by McAfee, Ikarus, and alejandro.sanchez.
- 2.10. Task 10: What is the user-agent string of the infected machine?
- 2.11. Task 10: To what IP does the RAT from the previous question connect?