help with A Christmas Catastrophe: A Letter to Santa
I am in the scalation privileges part. Tried to create a symlink to /root/root.txt and to /root in /etc/letters/ waiting cron /etc/chmod.sh takes ownership with chmod 666 instruction and then extract token, but doesn't work Any help? Is there something missing?
Incident Response Suspicious Email Part 2 last Question
Hello I am getting slowly crazy here. The last question of Suspicious Email Part 2 asks to find the FQDN of the threat actor within the output that in the previous questions we had to deobfuscate after unpacking the vbaProject.bin using Oletools and / or a script. I created a script to convert Decimal to ASCII and the Hash in the end was matching and I solved the 2nd to last question. However afterwards it says the FQDN should be in the file I just created. This is not the case. I checked the file with strings and even read the whole file line by line to find any FQDN. The only sites in there are apache and zeustech which are only in there because ApacheBench got used in the Malware. There is no trace of any further FQDN. So I'm effectively stuck there because I can't find any worthwhile Info. Does anyone have any Idea? Or is this Lab just broken? I redid the whole Lab from scratch 2 times already. Both times I wrote a new Script aswell and everytime the Hash is correct but there is no FQDN to be found anywhere in there.
Ep 7 Post Exploitation With Metasploit
I’m having issues with q9 and don’t know why what I’m currently doing isn’t working. I’ve ran SharpUp.exe and found a vulnerable binary location (C:/Windows/Important-Service/Important-Service.exe). From my original meterpreter session, I have uploaded a new msfvenom payload called Important-Service.exe to the location above, with hope to spawn a new shell on another listener. Nothing is happening when I start the service or execute the exe. Any pointers with this one? I feel that what I am doing is correct and should work.
Incident Response: Suspicious Email – Part 2 -Help Needed.
Hi, I'm currently trying to complete this lab but I'm stuck on step 10. I have tried to use the different tools at hand but I'm struggling to extract the VBA and getting the binaries for it. Any help would be much appreciated. Kind Regards, jjdeno99
Modern Encryption: Demonstrate Your Skills
Hello, I am a little stuck on Q3 for this lab and would really appreciate any help I can get. So I have followed the steps as required by encrypting the file - plaintext_1.txt and set the password as per steps on the actual file itself - plaintext_1.txt. However after setting the password I am not getting token_1.txt appearing in the Lab-Files folder. What am I doing incorrectly?
Immersive lab Ghidra, Ep2.
In This lab I have answered all of the questions except question 4 - "Using the function graph on the main function, what is the starting address of the last basic block?" It is not clear which block the "last" one is. I have entered the starting address of all basic blocks but none are correct. Is there some secret to this question that I haven't discovered yet?
