Psittaciformes - Linux (DFIR)

2025年1月9日10:01:04评论16 views字数 1231阅读4分6秒阅读模式

Forela carry out penetration testing of their internal networks utilising an internal team within their security department. The security team have notes from tests in addition to company critical credentials. It seems their host may have been compromised. Please verify how this occurred using the retrospective collection provided.

What is the name of the repository utilized by the Pen Tester within Forela that resulted in the compromise of his host?

autoenum

What is the name of the malicious function within the script ran by the Pen Tester?

https://github.com/pttemplates/autoenum/blob/main/enum.sh

do_wget_and_run

What is the password of the zip file downloaded within the malicious function?

What is the full URL of the file downloaded by the attacker?

https://www.dropbox.com/scl/fi/uw8oxug0jydibnorjvyl2/blob.zip?rlkey=zmbys0idnbab9qnl45xhqn257&st=v22geon6&dl=1

When did the attacker finally take out the real comments for the malicious function?

git clone https://github.com/pttemplates/autoenum.gitgit log --pretty=onelinegit show 7d203152c5a3a56af3d57eb1faca67a3ec54135f

2024-12-23 22:27:58

The attacker changed the URL to download the file, what was it before the change?

What is the MITRE technique ID utilized by the attacker to persist?

What is the name of the technique relevant to the binary the attacker runs?

we can see that is a miner.

原文始发于微信公众号（Definite R3dBlue）：Psittaciformes - Linux (DFIR)

免责声明:文章中涉及的程序(方法)可能带有攻击性，仅供安全研究与教学之用，读者将其信息做其他用途，由读者承担全部法律及连带责任，本站不承担任何法律及连带责任；如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截，联系方式见首页)，望知悉。

左青龙
微信扫一扫

右白虎
微信扫一扫

Psittaciformes - Linux (DFIR)

在受限 SQL 注入场景中枚举 MySQL 8.x 和 9.x 中表名的有趣技术

内网渗透—访问控制

200小时狂赚$20,300：我的漏洞赏金黑客挑战实录

让主流大模型集体破防的回音室攻击

人工智能（AI）在城镇作战中的应用及对我启示

破解和sql漏洞利用，双管齐下的1433

劫持 TypeLib 新的 COM 持久性技术

AI产业的版权危机：Meta大模型完整记忆了《哈利·波特》

为什么RAG技术并不适合代码类智能体

TeamViewer 远程管理漏洞 (CVE-2025-36537) 可导致权限提升

发表评论

在线咨询

微信