Permalink
Cannot retrieve contributors at this time
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
guesswhom/README.md
Go to fileThis commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
78 lines (43 sloc)
1.59 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Post 1 | |
| Defaced internal website leads to the Crypto messages. | |
| ## Clue 1 - Base64 | |
| ### Plain | |
| I've been a member of the elite hacker group known as "batmen" for over 7 years, and I know a thing or two about hacking. | |
| ### Clue | |
| SSd2ZSBiZWVuIGEgbWVtYmVyIG9mIHRoZSBlbGl0ZSBoYWNrZXIgZ3JvdXAga25vd24gYXMgImJhdG1lbiIgZm9yIG92ZXIgNyB5ZWFycywgYW5kIEkga25vdyBhIHRoaW5nIG9yIHR3byBhYm91dCBoYWNraW5nLiA= | |
| ## Clue 2 - Rot13 | |
| ### Plain | |
| Attack log: successful use of "ven_diagrams" remote access and rootkit suite | |
| ### | |
| Clue Nggnpx ybt: fhpprffshy hfr bs "ira_qvntenzf" erzbgr npprff naq ebbgxvg fhvgr | |
| ## Clue 3 - Pig pen | |
| ### Plain | |
| hardsell trojan deployed | |
| successful injection | |
| hardsell backdoor initiated | |
| ### Clue | |
|  | |
| ## Clue 4 - Bacon | |
| ### Plain | |
| Last log-in from 128.128.0.6 | |
| ### Clue | |
| 01010 00000 10001 10010 01010 01101 00110 01000 01100 00101 10000 01101 01011 | |
| ## Extra hard stuff | |
| flag:colourbynumbers | |
|  | |
| # Post 2 | |
| Exif data | |
| A number of pictures with exif data that narrows down | |
| (Extra challenge: some also have stego) | |
| # Post 3 | |
| Known affiliation leads them to the hacker org website | |
| Secret dir from logs available... also basicauth creds | |
| Message on the forum claiming the recent attack against X was done by the east london contingent MS-2709 | |
| (Extra challenge: web stuff, SQL injection, XSS?) | |
| Possible Web Challenge. FLATCORE CMS.... It’s a cool hack (and via user agent) | |
| # Webinar | |
| People will know: | |
| What has happened | |
| The last few potential hackers | |
| Captured phone: spy on it | |
| Show how to refine the list using wigle.net |