[THM] Advent of Cyber 2022 ALL FLAGS AND ANSWERS

Sweet_Johnson

Member
Dec 9, 2022
19
8
3
DAY 1 :
The Bandit Yeti
THM{IT'S A Y3T1 CHR1$TMA$}

Use the ls command to list the files present in the current directory. How many log files are present?

2

Elf McSkidy managed to capture the logs generated by the web server. What is the name of this log file?

webserver.log

On what day was Santa's naughty and nice list stolen?

Friday

What is the IP address of the attacker?

10.10.249.191

What is the name of the important list that the attacker stole from Santa?

santaslist.txt

Look through the log files for the flag. The format of the flag is: THM{}

THM{STOLENSANTASLIST}


=====DAY 3 =====

What is the name of the Registrar for the domain santagift.shop?

NAMECHEAP INC

Find the website's source code (repository) on github.com and open the file containing sensitive credentials. Can you find the flag?

{THM_OSINT_WORKS}

What is the name of the file containing passwords?

config.php

What is the name of the QA server associated with the website?

qa.santagift.shop

What is the DB_PASSWORD that is being reused between the QA and PROD environments?

S@nta2022


===== DAY 4 =====

What is the name of the HTTP server running on the remote host?

apache

What is the name of the service running on port 22 on the QA server?

ssh

What flag can you find after successfully accessing the Samba service?

{THM_SANTA_SMB_SERVER}

What is the password for the username santahr?

santa25


===== DAY 5 =====


Use Hydra to find the VNC password of the target with IP address 10.10.208.109. What is the password?

1q2w3e4r

Using a VNC client on the AttackBox, connect to the target of IP address 10.10.208.109. What is the flag written on the target’s screen?

THM{I_SEE_YOUR_SCREEN}


===== DAY 6 =====

What is the email address of the sender?

[email protected]

What is the return address?

[email protected]

On whose behalf was the email sent?

chief elf

What is the X-spam score?

3

What is hidden in the value of the Message-ID field?

AoC2022_Email_Analysis

Visit the email reputation check website provided in the task. What is the reputation result of the sender's email address?

risky

Check the attachments. What is the filename of the attachment?#

Division_of_labour-Load_share_plan.doc

What is the hash value of the attachment?

0827bb9a2e7c0628b82256759f0f888ca1abd6a2d903acdb8e44aca6a1a03467

Visit the Virus Total website and use the hash value to search. Navigate to the behaviour section. What is the second tactic marked in the Mitre ATT&CK section?

Defense Evasion

Visit the InQuest website and use the hash value to search. What is the subcategory of the file?

macro_hunter


===== DAY 7 =====

What is the version of CyberChef found in the attached VM?

9.49.0

How many recipes were used to extract URLs from the malicious doc?

10

We found a URL that was downloading a suspicious file; what is the name of that malware?

mysterygift.exe

What is the last defanged URL of the bandityeti domain found in the last step?

hxxps[://]cdn[.]bandityeti[.]THM/files/index

What is the ticket found in one of the domains? (Format: Domain/<GOLDEN_FLAG>)

THM_MYSTERY_FLAG


===== DAY 8 =====

What flag is found after attacking the provided EtherStore Contract?

flag{411_ur_37h_15_m1n3}

:)