Advent Of Cyber 2023 — Day 19

Mansoor Barri
Dec 20, 2023


What is the exposed password that we find from the bash history output?

NEhX4VSrN7sV

What is the PID of the miner process that we find?

10280

What is the MD5 hash of the miner process?

153a5c8efe4aa3be240e5dc645480dee

What is the MD5 hash of the mysqlserver process?

c586e774bb2aa17819d7faae18dad7d1

Use the command strings extracted/miner.<PID from question 2>.0x400000 | grep http://. What is the suspicious URL? (Fully defang the URL using CyberChef)

hxxp[://]mcgreedysecretc2[.]thm

After reading the elfie file, what location is the mysqlserver process dropped in on the file system?

/var/tmp/.system-python3.8-Updates/mysqlserver

That’s it | Visit mansoorbarri.com for other hacking & IT related articles.
