I know it's one of the challenge labs but I'm fairly sure I'm missing something extremely straight forward, it's 100 point difficulty 4.... Someone help me please! I'm banging my head against a wall with this one!If anyone can point me in the right direction of the specific persistence mechanism I think that would be a startQ8. Use the service account to delete the spirit's persistence mechanism. The methods you employ to gain access to this account are up to you.

Hey Yammmy, could you share what you've tried and I'll try to give you a hint from there on? The credentials are hidden in a file on the haunted host :)

Thanks Yammmy and clowdier!, super hint I was totally lost trying to use meterpreter and those stuffs hahah.I finally complete the labs from this week!

This wasn't anything too suprising. A recusive search of the word svc (full name will be faster) will get you the creds you desire.

DG seems to be some sort of god-level challenge exterminator. I assume they can help you.

LewisMutton The answer to Q6 will clue you into the persistence mechanism you need to delete :)

Trick or Treat on Specter Street: Ghost of the SOC

29 Replies

CyberSharpe
Silver I
8 days ago
This wasn't anything too suprising. A recusive search of the word svc (full name will be faster) will get you the creds you desire.
- clowdier
  Immerser
  5 days ago
  Precisely!
SamDickison
Community Manager
12 days ago
DG seems to be some sort of god-level challenge exterminator. I assume they can help you.
clowdier
Immerser
12 days ago
LewisMutton The answer to Q6 will clue you into the persistence mechanism you need to delete :)
- LewisMutton
  Bronze III
  12 days ago
  Yeah, I got that, but I can't identify the specific instance of said persistence mechanism 😅
  - clowdier
    Immerser
    11 days ago
    I see! If you've already brought up a list of all instances of that specific persistence type, and then reviewed the details for each one, one of them will look suspicious!
Yammmy
Bronze II
11 days ago
Same here. How do I get access to the service account? Been trying for hours!
- clowdier
  Immerser
  11 days ago
  Hey Yammmy, could you share what you've tried and I'll try to give you a hint from there on? The credentials are hidden in a file on the haunted host :)
  - Yammmy
    Bronze II
    11 days ago
    Thanks! I tried reading the logs / using hydra / did a search on the haunted machine but couldn’t find anything useful
- SamDickison
  Community Manager
  11 days ago
  clowdier got any more hints?

steven

Silver II

4 days ago

maybe I was too radical, i've deleted everything which was not by windows :)

Get-ScheduledTask | Where-Object { $_.TaskPath -notlike '\Microsoft\*' } | ForEach-Object {
  try {
    Disable-ScheduledTask -TaskName $_.TaskName -TaskPath $_.TaskPath -ErrorAction Stop | Out-Null
    Unregister-ScheduledTask -TaskName $_.TaskName -TaskPath $_.TaskPath -Confirm:$false -ErrorAction Stop
    Write-Host "Removed: $($_.TaskPath)$($_.TaskName)"
  } catch {
    Write-Warning "Failed: $($_.TaskPath)$($_.TaskName) — $($_.Exception.Message)"
  }
}

solved the lab and removed some services too much, but hey, .. to be on the safe side :)

SamDickison
Community Manager
3 days ago
Purge the services!

Forum Discussion

Trick or Treat on Specter Street: Ghost of the SOC

29 Replies

Featured Places

Help & Support Forum

Related Content

Trick or Treat on Specter Street: Ripper's Riddle

Trick or Treat on Specter Street: Ghost of the SOC

Trick or Treat on Specter Street: Manor of Madness

1 - 3 Specter St

Labs Live on Specter St - Week 1

Recent Discussions

Web App Hacking (Lab series): CVE-2022-2143 (iView2)

Lab 9: Macro Polo

"What is the token from the table?"

Trick or Treat on Specter Street: Manor of Madness

Microsoft Sentinel: SOAR Demonstrate your skills