
In this article, I tried to prepare a write-up for the “MAL: Strings” room on TryHackMe.
[Task 1] What are “strings”?
From a programming perspective, “strings” is the term given to data handled by an application. More broadly, these pieces of data are used to store information ranging from text to numerical values.
#1 What is the name of the account that had the passcode of “12345678” in the intellian example discussed above?
ANSWER: intellian
#2 What is the CVE entry disclosed by the company “Teradata” in their “Viewpoint” Application that has a password within a string?
ANSWER: CVE-2019-6499
#3 According to OWASP’s list of “Top Ten IoT” vulnerabilities, name the ranking this vulnerability would fall within, represented as text.
ANSWER: one
[Task 2] Practical: Extracting “strings” From an Application
#1 What is the correct username required by the “LoginForm”?
ANSWER: cmnatic
#2 What is the required password to authenticate with?
ANSWER: TryHackMeMerchWhen
#3 What is the “hidden” THM{} flag?
ANSWER: THM{Not_So_Hidden_Flag}
[Task 3] Strings in the Context of Malware
#1 What is the key term to describe a server that Botnets receive instructions from?
ANSWER: Command and Control
#2 Name the discussed example malware that uses “strings” to store the bitcoin wallet addresses for payment
ANSWER: Wannacry
[Task 4] Practical: Finding Bitcoin Addresses in Ransomware (Deploy!)
#1 List the number of total transactions that the Bitcoin wallet used by the “Wannacry” author(s)
ANSWER: 140
#2 What is the Bitcoin Address stored within “ComplexCalculator.exe”
ANSWER: 1LVB65imeojrgC3JPZGBwWhK1BdVZ2vYNC
[Task 5] Summary
#1 What is the name of the toolset provided by Microsoft that allows you to extract the “strings” of an application?
ANSWER: Sysinternals
#2 What operator would you use to “pipe” or store the output of the strings command?
ANSWER: >
#3 What is the name of the currency that ransomware often uses for payment?
ANSWER: bitcoin
So far, I have tried to explain the solutions to the questions in as much detail as I can. I hope it helped you. See you in my next write-up.