Forum Widgets
Recent Discussions
Trick or Treat on Specter Street: Ghost of the SOC
I know it's one of the challenge labs but I'm fairly sure I'm missing something extremely straight forward, it's 100 point difficulty 4.... Someone help me please! I'm banging my head against a wall with this one! If anyone can point me in the right direction of the specific persistence mechanism I think that would be a start Q8. Use the service account to delete the spirit's persistence mechanism. The methods you employ to gain access to this account are up to you.
FIN7 Threat Hunting with Splunk: Ep.2 – Initial Access
Question 8: Extract the hex-encoded image from the RTF that starts on line 108. Decode and open the resulting image file. What is the first line of text that appears in the image? I facing difficulties answering this question, Please let me know how can I answer this?
Trick or Treat on Specter Street: Widow's Web
I am very stucked in Trick or Treat on Specter Street: Widow's Web I can't do none of the questions, but in any case I start by 4th that is the first answerable one Your first task is to simulate the loyal Crawlers. Run legitimate-crawler and inspect the output in Lab-Files to observe their behavior. To simulate the rogue Crawlers, you must discover the hidden paths on the website. Read the blog posts – they contain clues. Disallow these in Website-Files/robots.txt and run malicious-crawler. Inspect the output in Lab-Files. What is the token? I have created the robots.txt file since I understand that malicious-crawler goes expressedly there. My robots.txt contains all url's I can imagin Disallow: /secret Disallow: /treat Disallow: /hidden Disallow: /crypt Disallow: /warden Disallow: /rituals Disallow: /witch-secrets Disallow: /admin Disallow: /vault Disallow: /uncover Disallow: /post1 Disallow: /post2 Disallow: /post3 Disallow: /post4 Disallow: /contact Disallow: /drafts/rituals But the result of malicious-crawler.txt doesn't give me either a token nor a hint I have curl-ed all pages looking for words as token and nothing. I have found some key words in http://127.0.0.1:3000/witch-secrets as intercepted-incantations, decoded them and nothing. I have searched in spider-sigthings.log what hapened at 3.00 am but nothing Can someone gime me a hint?
Trick or Treat on Specter Street: Ghost of the SOC
Hi there, Am I right as obvious that it may seem that for me to login to Kibana, I need to access this through the Elastic IP address that I have entered in my browser? If so I'm getting the error message on my screenshot. I tried this a few days ago as well and the problem persisted then as well.
Server-Side Request Forgery Q6 & Q7
Hi, I am looking for some help with the question "Exploit the SSRF vulnerability and read the configuration file of the previously identified service account, running on port 3000. What version number is the bot running?" I have found the bot name and tried the URL 10.102.160.173/lookup?url=http://localhost:3000/svc-debug/config However, it doesn't matter which way I try the URL; I can't seem to get it to work. Any Suggestions. I would think that the help for this would also assist with Q7.Digital Forensics: File Carving
Hi there, I was just wondering if somebody could please direct me in the correct direction for Q3. The configuration files are stored on my home directory but when I input the command as on my screenshot nothing seems to happen...making me think there must be something incorrect in my command.
