The Hunt for LOLbins


Stephen Owens had been working for the terrorist organization Ahemait for the past few years. He was a skilled hacker who was trusted to carry out some of the most important tasks for the group. His most recent mission was to infiltrate the highly secure systems of Tiberian Order. Stephen had been trying to breach their systems for months. He had used every trick in the book, from phishing attacks and USB drops to social engineering techniques. He knew that if he could get a Tiberian Order staff member to plug in one of his malicious USB sticks, it would open up a backdoor that could then be used to set up persistence on their systems. Finally, after months of trying, Stephen was successful: one of their employees had used one of the malicious USB devices, unknowingly infecting their systems with the backdoor.

The USB worked like a charm. Ahemait now had a way to gain access to the Tiberian Order systems and plant their malicious code. It was a major victory for the group, and Stephen was proud of his accomplishment. But while Stephen was proud of his achievement, he knew that it was only the beginning. Ahemait was still far from achieving its ultimate goal of taking down Tiberian Order once and for all. The fight was far from over, and Stephen and Ahemait were ready for whatever came next.


Briefing

Greetings, Special Agent K.

Intelligence from our S.I.S.U unit tipped us off to a plot by Ahemait to infiltrate our systems. With the assistance of our Red Team and A.S.I.C units, we were able to set up a “Honey Pot” before they attempted to breach us. We allowed a segregated portion of our network to be purposely infected by one of Ahemait’s USB sticks. Once they initiate a connection, we can trace them, reverse the code, modify it and then use their own malicious code against them. Your task is to trawl through the Event Logs and locate the suspicious entries, and then analyse and reverse them to work out what the final result is.

As always, Special Agent K. The Contract is yours, if you choose to accept.


Materials and Answer Instruction

Warning: Windows Defender may pick this up and try to quarantine it. There is no malicious code in this; it is flagged purely because it is obfuscated, which is Windows Defender doing what it is supposed to do.

Download the FLAGFILE

Download the MATERIAL

Answer Format: W0rd{s0me-very-0bscur3-gu1d-5tr1ng}
Answer Example: W0rd{s0me-very-0bscur3-gu1d-5tr1ng}

Write-ups: The Hunt for LOLbins

Mark: https://flagthecapture.blogspot.com/2023/05/ctf-writeup-hacktoria-contract-hunt-for.html
harisqazi: https://www.harisqazi.com/write-ups/hacktoria/the-hunt-for-lolbins
B0neShAd0w: https://github.com/B0neShAd0w/Hacktoria/blob/main/The%20Hunt%20for%20LOLBins.md

Submit your own write-ups via this page: https://hacktoria.com/submit-a-write-up/