Advent Of Cyber 2023 — Day 8

Mansoor Barri
Dec 9, 2023


What is the malware C2 server?

Click on the text file in the deleted folder; it contains the C2 server.

mcgreedysecretc2.thm

What is the file inside the deleted zip archive?

The deleted zip file contains the .exe file.

JuicyTomaToy.exe

What flag is hidden in one of the deleted PNG files?

Open “portrait.png” > click Hex View > CTRL + F > search for “THM{”

THM{byt3-L3vel_@n4Lys15}
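
The Hex View search above can also be scripted. This is an added Python example, not part of the original write-up: it walks the PNG chunk structure and reports where a `THM{` string sits (inside a named chunk, or outside the chunk stream such as after `IEND`). The sample PNG, the placeholder flag and all function names are constructed for illustration.

```python
import re
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def chunk(ctype: bytes, body: bytes) -> bytes:
    """Serialize one PNG chunk: length, type, data, CRC32(type + data)."""
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

def build_sample_png(hidden: bytes) -> bytes:
    """Constructed 1x1 grayscale PNG with `hidden` appended after IEND."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # filter byte + one pixel
    return PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", idat) + chunk(b"IEND", b"") + hidden

def walk_chunks(data: bytes):
    """Yield (type, start, end, crc_ok) per chunk; stop after IEND or on truncation."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):
        (length,) = struct.unpack(">I", data[pos:pos + 4])
        ctype = data[pos + 4:pos + 8]
        end = pos + 12 + length
        if end > len(data):
            break  # truncated chunk, common in recovered deleted files
        body = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[end - 4:end])
        yield ctype.decode("latin-1"), pos, end, crc == zlib.crc32(ctype + body)
        pos = end
        if ctype == b"IEND":
            break

def find_marker(data: bytes, marker: bytes = b"THM{"):
    """Return (offset, location, text) per hit; location is a chunk type or 'outside'."""
    chunks = list(walk_chunks(data))
    hits = []
    for m in re.finditer(re.escape(marker) + rb"[ -~]*?\}", data):
        where = next((t for t, s, e, _ in chunks if s <= m.start() < e), "outside")
        hits.append((m.start(), where, m.group().decode("ascii")))
    return hits

if __name__ == "__main__":
    sample = build_sample_png(b"THM{constructed_example}")  # placeholder, not the room's flag
    for offset, where, text in find_marker(sample):
        print(f"0x{offset:08x} {where}: {text}")
```

To run it against a file exported from the image, read the file's bytes and pass them to `find_marker`.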

What is the SHA1 hash of the physical drive and forensic image?

Drive > File > Verify drive/Image

39f2dea6ffb43bf80d80f19d122076b3682773c2

That’s it | Visit mansoorbarri.com for other hacking & IT related articles.
