Advent of Cyber 2023

Room Name: Advent of Cyber 2023 Room Link: https://tryhackme.com/room/adventofcyber2023

Is there a dedicated Advent of Cyber channel on TryHackMe Discord where users can discuss daily challenges and receive dedicated support? (yes/no) yes What is McGreedy's personal email address? t.mcgreedy@antarcticrafts.thm What is the password for the IT server room door? BtY2S02 What is the name of McGreedy's secret project? Purple Snow How many packets were captured (looking at the PacketNumber)? 100 What IP address sent the most amount of traffic during the packet capture? 10.10.1.4 What was the most frequent protocol? ICMP Using crunch and hydra, find the PIN code to access the control system and unlock the door. What is the flag? THM{pin-code-brute-force} What is the correct username and password combination? Format username:password isaias:Happiness What is the flag? THM{m3rrY4nt4rct1crAft$} How large (in bytes) is the AC2023.BAK file? 12,704 What is the name of the backup program? BackupMaster3000 What should the correct bytes be in the backup's file signature to restore the backup properly? 41 43 What is the flag after restoring the backup successfully? THM{0LD_5CH00L_C00L_d00D} If the coins variable had the in-memory value in the image below, how many coins would you have in the game? 1397772111 What is the value of the final flag? THM{mchoneybell_is_the_real_star} How many unique IP addresses are connected to the proxy server? 9 How many unique domains were accessed by all workstations? 111 What status code is generated by the HTTP requests to the least accessed domain? 503 Based on the high count of connection attempts, what is the name of the suspicious domain? frostlings.bigbadstash.thm What is the source IP of the workstation that accessed the malicious domain? 10.10.185.225 How many requests were made on the malicious domain in total? 1581 Having retrieved the exfiltrated data, what is the hidden flag? THM{a_gift_for_you_awesome_analyst!} What is the malware C2 server? mcgreedysecretc2.thm What is the file inside the deleted zip archive? JuicyTomaTOY.exe What flag is hidden in one of the deleted PNG files? THM{byt3-L3vel_@n4Lys15} What is the SHA1 hash of the physical drive and forensic image? 39f2dea6ffb43bf80d80f19d122076b3682773c2 What HTTP User-Agent was used by the malware for its connection requests to the C2 server? Mozilla/5.0 (Macintosh; Intel Mac OS X 14_0) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Safari/605.1.15 What is the HTTP method used to submit the command execution output? POST What key is used by the malware to encrypt or decrypt the C2 data? youcanthackthissupersecurec2keys What is the first HTTP URL used by the malware? http://mcgreedysecretc2.thm/reg How many seconds is the hardcoded value used by the sleep function? 15 What is the C2 command the attacker uses to execute commands via cmd.exe? shell What is the domain used by the malware to download another binary? stash.mcgreedy.thm Manually navigate the defaced website to find the vulnerable search form. What is the first webpage you come across that contains the gift-finding feature? /giftsearch.php Analyze the SQL error message that is returned. What ODBC Driver is being used in the back end of the website? ODBC Driver 17 for SQL Server Inject the 1=1 condition into the Gift Search form. What is the last result returned in the database? THM{a4ffc901c27fb89efe3c31642ece4447} What flag is in the note file Gr33dstr left behind on the system? THM{b06674fedd8dfc28ca75176d3d51409e} What is the flag you receive on the homepage after restoring the website? THM{4cbc043631e322450bc55b42c} What is the hash of the vulnerable user? 03E805D8A8C5AA435FB48832DAD620E3 What is the content of flag.txt on the Administrator Desktop? THM{XMAS_IS_SAFE} What is the default port for Jenkins? 8080 What is the password of the user tracy? 13_1n_33 What's the root flag? ezRo0tW1thoutDiD What is the error message when you login as tracy again and try sudo -l after its removal from the sudoers group? Sorry, user tracy may not run sudo on Jenkins. What's the SSH flag? Ne3d2SecureTh1sSecureSh31l What's the Jenkins flag? FullTrust_has_n0_Place1nS3cur1ty Which security model is being used to analyse the breach and defence strategies? Diamond Model Which defence capability is used to actively search for signs of malicious activity? Threat hunting What are our main two infrastructure focuses? (Answer format: answer1 and answer2) Firewall and Honeypot Which firewall command is used to block traffic? Deny There is a flag in one of the stories. Can you find it? THM{P0T$_W@11S_4_S@N7@} What is the other term given for Artificial Intelligence or the subset of AI meant to teach computers how humans think or nature works? Machine Learning What ML structure aims to mimic the process of natural selection and evolution? Genetic Algorithm What is the name of the learning style that makes use of labelled data to train an ML structure? Supervised Learning What is the name of the layer between the Input and Output layers of a Neural Network? Hidden Layer What is the name of the process used to provide feedback to the Neural Network on how close its prediction was? Back-Propagation What is the value of the flag you received after achieving more than 90% accuracy on your submitted predictions? THM{Neural.Networks.are.Neat!}