The incident response team has alerted you that there was some suspicious activity on one of the Linux database servers.
A memory dump of the server was taken and provided to you for analysis. You advise the team that you are missing crucial information from the server, but it has already been taken offline. They just made your job a little harder, but not impossible.
Click on the Download Task Files button at the top of this task. You will be provided with an evidence.zip file.
Extract the zip file's contents and begin your analysis in order to answer the questions.

Note: The challenge is best done using your own environment. I recommend using Volatility 2.6.1 to handle this task and strongly advise using this article by Sean Whalen to aid you with the Volatility installation.
And what time was the users.db file approximately accessed? Format is YYYY-MM-DD HH:MM:SS
What is the MD5 hash of the malicious file found?
What is the IP address and port of the malicious actor? Format is IP:Port
What is the full path of the cronjob file and its inode number? Format is filename:inode number
What command is found inside the cronjob file?
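As an added example (not part of the room or its evidence files), a small Python wrapper around the Volatility 2.6.1 workflow the note points to: it parses linux_enumerate_files output to locate cron job files with their inode numbers, exports them with linux_find_file for MD5 hashing, and pulls established TCP peers out of linux_netstat. The dump filename, profile name and the sample plugin output lines are constructed assumptions, not values from the room's image.

```python
import hashlib
import re
import subprocess
import sys

# Constructed sample in the shape of Volatility 2 linux_enumerate_files output
# (inode address, inode number, path); not taken from the room's memory image.
SAMPLE_FILES = """\
     Inode Address Inode Number              Path
------------------ ------------------------- ----
0xffff88003b5e8e00                    131138 /etc/crontab
0xffff88003b5eaf00                    262198 /var/spool/cron/crontabs/root
0xffff88003c1d0a80                    393461 /home/ubuntu/users.db
"""
# Constructed sample in the shape of linux_netstat output (proto, local, remote, state, comm/pid).
SAMPLE_NETSTAT = """\
TCP      10.0.2.15       :40656 192.0.2.77      : 4444 ESTABLISHED                  bash/1834
TCP      0.0.0.0         : 3306 0.0.0.0         :    0 LISTEN                     mysqld/1016
"""

FILE_RE = re.compile(r"^(0x[0-9a-f]+)\s+(\d+)\s+(\S+)$")
NET_RE = re.compile(r"^(TCP|UDP)\s+(\S+)\s*:\s*(\d+)\s+(\S+)\s*:\s*(\d+)\s+(\S+)\s+(\S+)/(\d+)$")

def cron_inodes(enumerate_output):
    """Return {path: (inode_address, inode_number)} for files where cron reads its jobs."""
    found = {}
    for line in enumerate_output.splitlines():
        m = FILE_RE.match(line.strip())
        if m and ("/cron" in m.group(3) or "crontab" in m.group(3)):
            found[m.group(3)] = (m.group(1), int(m.group(2)))
    return found

def established_remote_peers(netstat_output):
    """Return (remote_ip, remote_port, comm, pid) for every ESTABLISHED TCP socket."""
    peers = []
    for line in netstat_output.splitlines():
        m = NET_RE.match(line.strip())
        if m and m.group(1) == "TCP" and m.group(6) == "ESTABLISHED":
            peers.append((m.group(4), int(m.group(5)), m.group(7), int(m.group(8))))
    return peers

def vol(dump, profile, plugin, *args):
    """Run one Volatility 2 plugin against the image and return its stdout."""
    cmd = ["vol.py", "-f", dump, "--profile=" + profile, plugin, *args]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout

if __name__ == "__main__":
    dump, profile = sys.argv[1], sys.argv[2]  # assumed: e.g. memory.raw and a Linux profile name
    for path, (addr, inode) in cron_inodes(vol(dump, profile, "linux_enumerate_files")).items():
        out = "inode_%d.bin" % inode
        vol(dump, profile, "linux_find_file", "-i", addr, "-O", out)  # export by inode address
        with open(out, "rb") as fh:
            print(path, inode, hashlib.md5(fh.read()).hexdigest())
    for peer in established_remote_peers(vol(dump, profile, "linux_netstat")):
        print("ESTABLISHED to %s:%d from %s/%d" % peer)
```

Run it as `python3 triage.py memory.raw <LinuxProfile>` once the profile for the evidence image is installed; the parsers also work on saved plugin output.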