2023 HuntressCTF - Opendir

2023-11-01 | #Malware #web

Summary

Author: @JohnHammond

A threat actor exposed an open directory on the public internet! We could explore their tools for some further intelligence. Can you find a flag they might be hiding? NOTE: This showcases genuine malware samples found in a real opendir. For domain reputation purposes, this is behind Basic Authentication with credentials: opendir:opendir

Steps

After authenticating to the application, I'm presented with a directory listing of the web server. I navigated to each of the files that were .



2023 HuntressCTF - Operation Eradication

2023-11-01 | #Ransomware #rclone

Summary

Author: @JohnHammond#6971

Oh no! A ransomware operator encrypted an environment, and exfiltrated data that they will soon use for blackmail and extortion if they don't receive payment! They stole our data! Luckily, we found what looks like a configuration file that seems to have credentials to the actor's storage server... but it doesn't seem to work. Can you get onto their server and delete all the data they stole!?

Steps

Starting this challenge, we are presented with a Docker instance and an attachment that has the following inside:



2023 HuntressCTF - Opposable Thumbs

2023-11-01 | #Forensics #Thumbnails

Summary

Author: @JohnHammond

We uncovered a database. Perhaps the flag is right between your fingertips!

Steps

This challenge started with a file called thumbcache_256.db. I initially started with my Linux VM, but soon discovered this file is part of the Windows operating system, and I found an open source project that allows us to extract the thumbnail images from the database file. You can find more on the Windows program here.



2023 HuntressCTF - Query Code

2023-11-01 | #

Summary

Author: @JohnHammond

What's this?

Steps

I downloaded the query_code file and executed file query_code and received the following response: query_code: PNG image data, 111 x 111, 1-bit colormap, non-interlaced. Renaming the file to query_code.png, I opened the file in Firefox to see a QR code. I opted to use scanqr.org to read the response of the QR code and I discovered the flag. flag: flag{3434cf5dc6a865657ea1ec1cb675ce3b}



2023 HuntressCTF - Rock, Paper, Psychic

2023-11-01 | #Ghidra #RE #ReverseEngineering

Summary

Author: @HuskyHacks

Wanna play a game of rock, paper, scissors against a computer that can read your mind? Sounds fun, right?

Steps

I downloaded the executable to my FLARE Windows VM and executed it. I was presented with a game of rock, paper, scissors. Unfortunately, reverse engineering is not something I'm very skilled at, and this challenge took me a while to figure out exactly what was going on. To start the RE process, I fired up Ghidra and loaded the file.
