Tardigrade

To access material, start machines and answer questions login.

A server has been compromised, and the security team has decided to isolate the machine until it's been thoroughly cleaned up. Initial checks by the Incident Response team revealed that there are five different backdoors. It's your job to find and remediate them before giving the signal to bring the server back to production.

First, let's start the Virtual Machine by pressing the Start Machine button at the top of this task. You may access the using the AttackBox or your connection.

To start our investigation, we need to connect to the server. The team has provided the credentials for use below and noted that the user has root privileges to the server. I'll help guide you along at first, but as we progress through each step, I'm sure you'll feel more comfortable solving these on your own.

user: giorgio

password: armani

Answer the questions below

What is the server's OS version?

Ready to learn Cyber Security?

The Tardigrade room is only available for premium users. Signup now to access more than 500 free rooms and learn cyber security through a fun, interactive learning environment.

Already have an account? Log in

Tardigrade

Task 1Connect to the machine via SSHTask includes a deployable machine

Task 2Investigating the giorgio accountPremium

Task 3Dirty Wordlist RevisitedPremium

Task 4Investigating the root accountPremium

Task 5Investigating the systemPremium

Task 6Final ThoughtsPremium

Ready to learn Cyber Security?