It’s just you and me. Alone. In this room. ;)
Task 1: What are Strings?
Q1: What is the name of the account that had the passcode of “12345678” in the Intellian example discussed above?
I typed “intellian account password 12345678” into Google. The first result was a link to CVE-2020-8000. The answer is found there.
Q2: What is the CVE entry disclosed by the company “Teradata” in their “Viewpoint” Application that has a password within a string?
I typed “teradata viewpoint cve” into Google and the answer can be found in the first result.
Q3: According to OWASP’s list of “Top Ten IoT” vulnerabilities, name the ranking this vulnerability would fall within, represented as text.
Go find OWASP’s list of Top 10 IoT vulnerabilities and find the ONE that’s most relevant to what we’ve covered in this task.
Task 2: Practical: Extracting “strings” from an Application
Q1: What is the correct username required by the “LoginForm”?
I was already working in root so I just typed the command “strings LoginForm.exe” and it brought me to where I needed to be. But if need be, you can use the strings command and type in the path to the downloaded file :)
The username will probably stand out to you. Scroll a little bit and you’ll see some text very familiar to a typical login form.
Q2: What is the required password to authenticate with?
Right under the username
Q3: What is the “hidden” THM{} flag?
I know you see it, I know you do
Task 3: Strings in the Context of Malware
Q1: What is the key term to describe a server that Botnets receive instructions from?
Answer is found in the third paragraph
Q2: Name the discussed example malware that uses “strings” to store the bitcoin wallet addresses for payment
Answer is found in the fourth paragraph
Task 4: Practical: Finding Bitcoin Addresses in Ransomware (Deploy!)
Q1: List the number of total transactions that the Bitcoin wallet used by the “Wannacry” author(s)
Go to https://live.blockcypher.com/ and type the Bitcoin address used by the authors of Wannacry (13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94) into the search bar. Scroll a little bit and you’ll see the total number of transactions.
Q2: What is the Bitcoin Address stored within “ComplexCalculator.exe”
Follow the prompts in the task but the first command for me was:
cd Desktop\SysinternalsSuite
Then, once you open your text file, press Ctrl + F and type in “bitcoin” to find the Bitcoin address.
Or you can scroll, that’s okay too.
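For triaging more than one sample, the same search can be scripted. The block below is an added example, not part of the room or this write-up: it pulls ASCII and UTF-16LE strings out of a binary the way `strings` does, then keeps only candidates that look like legacy Base58 addresses (starting with 1 or 3) and pass the Base58Check checksum, which filters out random look-alike text. All function names and the sample blob are constructed for illustration.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ADDR_RE = re.compile(r"(?<![%s])[13][%s]{25,34}(?![%s])" % (B58, B58, B58))

def sha256d(b: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(b).digest()).digest()

def extract_strings(data: bytes, min_len: int = 4):
    """Yield printable runs like `strings` does: ASCII first, then UTF-16LE."""
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data):
        yield m.group().decode("ascii")
    for m in re.finditer(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data):
        yield m.group().decode("utf-16-le")

def b58check_ok(addr: str) -> bool:
    """True only if addr decodes to 25 bytes ending in the right 4-byte checksum."""
    try:
        n = sum(B58.index(c) * 58 ** i for i, c in enumerate(reversed(addr)))
        raw = n.to_bytes(25, "big")
    except (ValueError, OverflowError):
        return False
    zeros = len(raw) - len(raw.lstrip(b"\x00"))
    ones = len(addr) - len(addr.lstrip("1"))  # each leading '1' is one zero byte
    return zeros == ones and raw[-4:] == sha256d(raw[:-4])[:4]

def b58check_encode(payload: bytes) -> str:  # only builds the sample addresses
    raw = payload + sha256d(payload)[:4]
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def find_btc_addresses(data: bytes) -> list:
    hits = []
    for s in extract_strings(data):
        for m in ADDR_RE.finditer(s):
            if b58check_ok(m.group()) and m.group() not in hits:
                hits.append(m.group())
    return hits

# Constructed sample (not real wallets): one ASCII, one corrupted, one UTF-16LE.
SAMPLE_ADDR = b58check_encode(b"\x00" + sha256d(b"constructed-1")[:20])
WIDE_ADDR = b58check_encode(b"\x00" + sha256d(b"constructed-2")[:20])
BAD_ADDR = SAMPLE_ADDR[:-1] + ("2" if SAMPLE_ADDR[-1] != "2" else "3")
SAMPLE_BLOB = (b"MZ\x90\x00pay to " + SAMPLE_ADDR.encode() + b"\x00\xff"
               + BAD_ADDR.encode() + b"\x00\x01" + WIDE_ADDR.encode("utf-16-le"))
```

On a real sample, pass the file's bytes to `find_btc_addresses` instead of `SAMPLE_BLOB`; newer bech32 (`bc1...`) addresses use a different encoding and are not covered here.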
Task 5: Summary
Q1: What is the name of the toolset provided by Microsoft that allows you to extract the “strings” of an application?
We’ve used this toolset in previous rooms, but it’s the name of the folder we used in the previous task.
Q2: What operator would you use to “pipe” or store the output of the strings command?
Answer can be found in Task 2
Q3: What is the name of the currency that ransomware often uses for payment?
It’s the name of the only cryptocurrency we discussed in this room :)