Forum Discussion

clermagic224
3 months ago

Help needed for Threat Hunting - Credential Access

Hey! I'm not sure if this is the right place to seek help for labs, but I've been trying this lab for the longest time and could not get the answer for this question. OfficeSupplies.7z felt the most suitable as it was the zip file in which the creds were stored. Any help or advice on the approach is appreciated!

 

  • Hey clermagic224

    This question is looking for the specific file that contains the credentials, not a ZIP file containing multiple files. If you keep digging, you'll find a file whose filename specifically refers to "passwords"—this is the file you're looking for! The answer to the next question also might give you a clue as to what the correct file is. I hope this helps! 

    • clermagic224

      Hey, I tried to query using targetimage, targetgetpath, targetfilename, image with password* and pw* but still could not find it. Any suggestions on how else I should filter? Thanks!

      • NyePrior

        The full path contains the word password, but doesn't start with it, so you'd need to look for *password*, instead of password* 
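
Why the trailing-only wildcard misses, as an added example that is not part of the thread or the lab: the pattern is compared against the entire field value, which starts with the drive letter rather than the filename. The events, paths and the `hunt` helper are constructed for illustration, and Python's `fnmatch` glob semantics are an assumption standing in for the lab's query language.

```python
import fnmatch
import ntpath

# Constructed Sysmon-style file-creation events (not taken from the lab).
EVENTS = [
    {"EventID": 11, "Image": r"C:\Program Files\7-Zip\7z.exe",
     "TargetFilename": r"C:\Users\alice\Documents\archive.7z"},
    {"EventID": 11, "Image": r"C:\Program Files\7-Zip\7z.exe",
     "TargetFilename": r"C:\Users\alice\Documents\Extracted\Passwords_backup.txt"},
    {"EventID": 11, "Image": r"C:\Windows\System32\notepad.exe",
     "TargetFilename": r"C:\Users\alice\Desktop\notes.txt"},
]


def hunt(events, pattern, field="TargetFilename", basename_only=False):
    """Return events whose field matches the glob pattern, case-insensitively.

    The glob must match the whole value, so 'password*' only hits values
    that begin with 'password'. With basename_only=True the directory part
    is stripped first (hypothetical option, useful when the query language
    can extract the filename from the path).
    """
    pat = pattern.lower()
    hits = []
    for ev in events:
        value = ev.get(field, "")
        if basename_only:
            value = ntpath.basename(value)  # parses Windows paths on any OS
        if fnmatch.fnmatchcase(value.lower(), pat):
            hits.append(ev)
    return hits


if __name__ == "__main__":
    for pattern, base in [("password*", False), ("pw*", False),
                          ("*password*", False), ("password*", True)]:
        found = hunt(EVENTS, pattern, basename_only=base)
        print(f"{pattern!r:14} basename_only={base!s:5} -> "
              f"{[ntpath.basename(e['TargetFilename']) for e in found]}")
```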

  • KieranRowley
    Community Manager

    Hi clermagic224

    Welcome to The Human Connection and thank you for your question. Please let me discuss this with the lab author and come back to you.