h4cked

Find out what happened by analysing a .pcap file and hack your way back into the machine

easy

45 min

Task 1 Oh no! We've been hacked!

It seems like our machine got hacked by an anonymous threat actor. However, we are lucky to have a .pcap file from the attack. Can you determine what happened? Download the .pcap file and use Wireshark to view it.

Answer the questions below

The attacker is trying to log into a specific service. What service is this?

There is a very popular tool by Van Hauser which can be used to brute force a series of services. What is the name of this tool?

The attacker is trying to log on with a specific username. What is the username?

What is the user's password?

What is the current FTP working directory after the attacker logged in?

The attacker uploaded a backdoor. What is the backdoor's filename?

The backdoor can be downloaded from a specific URL, as it is located inside the uploaded file. What is the full URL?

Which command did the attacker manually execute after getting a reverse shell?

What is the computer's hostname?

Which command did the attacker execute to spawn a new TTY shell?

Which command was executed to gain a root shell?

The attacker downloaded something from GitHub. What is the name of the GitHub project?

The project can be used to install a stealthy backdoor on the system. It can be very hard to detect. What is this type of backdoor called?

Answer the questions below

Deploy the machine.

The attacker has changed the user's password! Can you replicate the attacker's steps and read the flag.txt? The flag is located in the /root/Reptile directory. Remember, you can always look back at the .pcap file if necessary. Good luck!

Run Hydra (or any similar tool) on the FTP service. The attacker might not have chosen a complex password. You might get lucky if you use a common word list.

Change the necessary values inside the web shell and upload it to the web server.

Create a listener on the designated port on your attacker machine. Execute the web shell by visiting the .php file on the targeted web server.

Become root!

Read the flag.txt file inside the Reptile directory.

Room Type

Free Room. Anyone can deploy virtual machines in the room (without being subscribed)!

Users in Room

28,880

Created

1618 days ago
