Room Banner

Block

Encryption? What encryption?

medium

120 min

Room progress ( 0% )

To access material, start machines and answer questions login.

Task 1Server Message Block
One of your junior system administrators forgot to deactivate two accounts from a pair of recently fired employees.
We believe these employees used the credentials they were given in order to access some of the many private files from our server, but we need concrete proof.
The junior system administrator only has a small network capture of the incident and a memory dump of the Local Security Authority Subsystem Service process.
Fortunately, for your company, that is all you need.


Click on the Download Task Files button at the top of this task. You will be provided with an evidence.zip file.

Extract the zip file's contents and recover the information in order to answer the questions.

Note: For free users using the AttackBox, the challenge is best done using your own environment. Some browsers may detect the file as malicious. The zip file is safe to download with md5 of 286c133a1b67c068f86cef06785e104d. In general, as a security practice, download the zip and analyze the forensic files on a dedicated virtual machine, and not on your host OS.

Answer the questions below
What is the username of the first person who accessed our server?

What is the password of the user in question 1?

What is the flag that the first user got access to?
What is the username of the second person who accessed our server?

What is the hash of the user in question 4?

What is the flag that the second user got access to?

Room Type

Free Room. Anyone can deploy virtual machines in the room (without being subscribed)!

Users in Room

4,074

Created

372 days ago

Ready to learn Cyber Security? Create your free account today!

TryHackMe provides free online cyber security training to secure jobs & upskill through a fun, interactive learning environment.

Already have an account? Log in

We use cookies to ensure you get the best user experience. For more information contact us.

Read more