Post 1

Defaced internal website leads to the Crypto messages.

Clue 1 - Base64

Plain

I've been a member of the elite hacker group known as "batmen" for over 7 years, and I know a thing or two about hacking.

Clue

SSd2ZSBiZWVuIGEgbWVtYmVyIG9mIHRoZSBlbGl0ZSBoYWNrZXIgZ3JvdXAga25vd24gYXMgImJhdG1lbiIgZm9yIG92ZXIgNyB5ZWFycywgYW5kIEkga25vdyBhIHRoaW5nIG9yIHR3byBhYm91dCBoYWNraW5nLiA=

Clue 2 - Rot13

Plain

Attack log: successful use of "ven_diagrams" remote access and rootkit suite

Clue

Nggnpx ybt: fhpprffshy hfr bs "ira_qvntenzf" erzbgr npprff naq ebbgxvg fhvgr

Clue 3 - Pig pen

Plain

hardsell trojan deployed successful injection hardsell backdoor initiated

Clue

image

Clue 4 - Bacon

Plain

Last log-in from 128.128.0.6

Clue

01010 00000 10001 10010 01010 01101 00110 01000 01100 00101 10000 01101 01011
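
The text clues above can be checked mechanically. This added example (not part of the original notes) decodes Clues 1, 2 and 4 with the Python standard library; both common Bacon alphabets are tried because the notes do not say which variant the clue uses, and the function names are this example's own.

```python
import base64
import codecs

# Ciphertexts copied verbatim from Clues 1, 2 and 4.
CLUE1 = "SSd2ZSBiZWVuIGEgbWVtYmVyIG9mIHRoZSBlbGl0ZSBoYWNrZXIgZ3JvdXAga25vd24gYXMgImJhdG1lbiIgZm9yIG92ZXIgNyB5ZWFycywgYW5kIEkga25vdyBhIHRoaW5nIG9yIHR3byBhYm91dCBoYWNraW5nLiA="
CLUE2 = 'Nggnpx ybt: fhpprffshy hfr bs "ira_qvntenzf" erzbgr npprff naq ebbgxvg fhvgr'
CLUE4 = "01010 00000 10001 10010 01010 01101 00110 01000 01100 00101 10000 01101 01011"

# Bacon's cipher has two common alphabets; which one the clue uses is not
# stated in the notes (assumption: it is one of these two), so both are tried.
BACON_24 = "ABCDEFGHIKLMNOPQRSTUWXYZ"    # classic: I/J and U/V share a code
BACON_26 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"  # modern: one code per letter


def decode_base64(text):
    # validate=True rejects stray characters instead of silently skipping them.
    return base64.b64decode(text, validate=True).decode("utf-8")


def decode_rot13(text):
    # ROT13 only rotates A-Z and a-z; digits, quotes and "_" pass through.
    return codecs.decode(text, "rot_13")


def decode_bacon(text, alphabet):
    letters = []
    for group in text.split():
        if len(group) != 5 or set(group) - {"0", "1"}:
            raise ValueError(f"not a 5-bit Bacon group: {group!r}")
        index = int(group, 2)
        # Codes past the end of the alphabet are invalid; mark them visibly.
        letters.append(alphabet[index] if index < len(alphabet) else "?")
    return "".join(letters)


def normalise(plain):
    # Bacon carries letters only: drop digits and punctuation, fold case.
    return "".join(c for c in plain.upper() if c.isalpha())


if __name__ == "__main__":
    print(decode_base64(CLUE1))
    print(decode_rot13(CLUE2))
    print("24-letter:", decode_bacon(CLUE4, BACON_24))
    print("26-letter:", decode_bacon(CLUE4, BACON_26))
```

Only the 24-letter alphabet yields readable text, and the 13 groups cover just the letters of the plaintext; the IP address is not encoded in the clue.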

Extra hard stuff

flag:colourbynumbers

piet image

Post 2

Exif data

A number of pictures with exif data that narrows down

(Extra challenge: some also have stego)

Post 3

Known affiliation leads them to the hacker org website

Secret dir from logs available... also basicauth creds

Message on the forum claiming the recent attack against X was done by the East London contingent MS-2709

(Extra challenge: web stuff, SQL injection, XSS?)

Possible Web Challenge. FLATCORE CMS.... It’s a cool hack (and via user agent)

Webinar

People will know:

What has happened

The last few potential hackers

Captured phone: spy on it

Show how to refine the list using wigle.net