December 24, 2017

Root me write-up : Command & Control - level 5

Maybe password weakness... The challenge provides a 512 MB dmp file. I used the Linux tool Volatility to extract passwords.
- volatility hivelist -f /root/test/ch2.dmp --profile=Win7SP0x86
- volatility hashdump -f /root/test/ch2.dmp --profile=Win7SP0x86 -y 0x8b21c008 -s 0x9aad6148 > rst.txt
I put the OS that I checked with imageinfo into · · ·

November 20, 2017

Root me write-up : Logs analysis - web attack

This is a quiz to find flags in web server logs. The web server log contains a Base64-encoded value in the order variable, and a URL-encoded value at the end. Decode the URL-encoded value, then decode the Base64 value of the order variable, and the DB query is displayed.
❑ ASC : Ascending sort.
❑ case 1 when 1 then TRUE : Conditional statement (if-then-else)
❑ · · ·

November 05, 2017

Root me write-up : Command & Control - level 2

When I unzip the downloaded file, a .dump file is created. The goal is to find the host name in this dump file. I used the "volatility" tool to analyze the dump file. I checked the OS with the "imageinfo" plugin. The "envars" plugin can list the environment variables of the processes, which can be used to check hostnames. The · · ·